Sid Doesn’t Do Facebook
Sid doesn’t do Facebook and makes the point about giving identity thieves yet another place to try to get your personal data. An unrelated article discusses the risk posed by session stealing.
I will now relate the two. Facebook doesn’t seem to support SSL for anything other than authentication. I tried going to https://www.facebook.com. I could authenticate, but every page I went to after that switched back to HTTP.
Session stealing is the biggest security risk that isn’t being discussed. If your site is not using SSL for all post-authentication access, the session cookie that identifies you travels unencrypted with every request and your data is vulnerable, especially if you are accessing it on a public Wi-Fi network.
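A site owner can check for this condition from a recorded login flow. The following is an added example, not code from the original post: the host `www.example.test`, the cookie name `sid` and the function `audit_session_flow` are hypothetical, and the flows are constructed samples. It flags a session cookie set without the `Secure` attribute and any later plain-HTTP request that would carry it.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed samples: (request URL, Set-Cookie values in its response).
# Host and cookie name are hypothetical; all URLs are assumed to be one site.
DOWNGRADED_FLOW = [
    ("https://www.example.test/login", ["sid=abc123; Path=/; HttpOnly"]),
    ("http://www.example.test/home", []),
]
HARDENED_FLOW = [
    ("https://www.example.test/login", ["sid=abc123; Path=/; HttpOnly; Secure"]),
    ("https://www.example.test/home", []),
]


def audit_session_flow(flow):
    """Return a list of findings for a recorded login flow."""
    findings = []
    secure_by_name = {}  # cookie name -> was it set with the Secure attribute?
    for url, set_cookie_values in flow:
        scheme = urlsplit(url).scheme
        if scheme == "http":
            # A browser attaches every non-Secure cookie to a plain HTTP request.
            exposed = sorted(n for n, s in secure_by_name.items() if not s)
            if exposed:
                findings.append(f"{url}: sent in cleartext: {', '.join(exposed)}")
        for value in set_cookie_values:
            jar = SimpleCookie()
            jar.load(value)
            for name, morsel in jar.items():
                secure_by_name[name] = bool(morsel["secure"])
                if scheme == "https" and not secure_by_name[name]:
                    findings.append(f"{url}: '{name}' set over HTTPS without Secure")
    return findings


if __name__ == "__main__":
    for label, flow in (("downgraded", DOWNGRADED_FLOW), ("hardened", HARDENED_FLOW)):
        print(label, audit_session_flow(flow) or "no findings")
```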
Facebook should allow SSL access as an option for the more security-minded user. Until that happens, I’m sticking with Sid.
