Information-Driven Business
Robert Hillard

Login with social media
by Robert Hillard

With a little work, social networks have the potential to be as valuable in confirming an identity as a passport.  It is the power of the crowd that can prove the integrity of the account holder, perhaps best described as crowdsourcing identity.

There are usually two goals of identity.  The first is to confirm you are you who you say you are and the second is to work out your relationship to other people.

Social networks can solve both.  We’re all familiar with the burgeoning number of websites that allow you to “login” with Facebook, LinkedIn or Twitter.  The vast majority, though, are simply using a convenient approach to challenge and permit access.  Rather than maintaining a new set of credentials, they are using a mechanism that maintains those sensitive details externally.

This is to be applauded and is entirely consistent with the objectives of cloud to share services rather than build complete vertical solutions from the ground up.  However, just accepting a social network’s credentials only uses a fraction of the capability that aligning with these services offers.

Telephone directories

In past decades, our grandparents carefully checked the telephone directory when it came out to make sure all their family and friends were listed correctly.  With the whole city doing the same thing, any mistakes (or even deliberate fraudsters) were pretty quickly uncovered.

Today, phone directories are barely looked at and are, at best, incomplete.  Once you get through an ID check, your details are entirely within your control and very likely to go unchallenged.

Social networks are different.  While the profile that is created is self-regulated, its exposure to the friends forces a level of honesty.  It may be easy to create a false identity, but a profile that is fully connected with the network and is actively maintained is much harder to fake for an extended period.  Some of the things to look for include: levels of activity, numbers of “friends” or connections who are themselves active and connected, cross-posting and the amount of detail on the profile.

A CV to be trusted

Many employers now prefer LinkedIn to a CV for the simple reason that it is harder to fake qualifications and experience.  A CV prepared for an employer requires reference checking and verification that often doesn’t happen.

The media is full of stories of senior people who have been caught claiming qualifications that they never completed.  Compare that to the profile on LinkedIn where there are usually hundreds of connections, any one of which will call out if a false qualification is claimed or the description of employment is exaggerated.

Moreover, for most employers the network of connections in common is extensive and a whole range of potential points of verification are added, even if confidentiality requires waiting until after employment has commenced.  Just the knowledge that this is likely to happen discourages would-be fakes.

Credentials that aren’t shared

Just as people will grab their smartphone before almost any other possession in an emergency, it seems that they value their social media login credentials above almost any other password.

People will often happily give out their credentials for video streaming services (such as Netflix).  They allow their trusted family members to use their banking user details.  They will even allow support staff at work to have their network password.  But ask for access to their Facebook or LinkedIn account and they will refuse as it sits at the centre of their trusted friend network.  Access to this core is just too sensitive to share.

In the future we could see building security where you “login with Facebook” and banks using social media credentials as part of identifying a customer when creating a new account.

A fair exchange of value

Whether a business or government service, it is important that the consumer or citizen receives fair value for using social media to identify themselves.  The key is full disclosure.

If all that the Google, Facebook, Twitter or LinkedIn account is doing is providing access then the exchange is one of convenience.  For the user, there is one less password to maintain and the site owner there is one less point of exposure.

However, it may be that the site or service needs to know about relationships, locations or other details which are maintained in the service.  Full disclosure allows the user to feel confident on what is being used and why.  If the use is appropriate to the user’s needs then this approach provides a way of updating their personal details without their filling out as many forms.

Many online services need not have any username or password data at all and those that do may only need it for those customers or citizens who want to opt-out of the social media revolution.  Arguably, this last group maintain less of their details online and are usually less exposed in the event of security breach.

Good practice suggests using social media as part of an identity service rather than government or business trying to create yet another master, standalone, identity solution of their own.

comments powered by Disqus

blogThe Information-Driven Business blog is published monthly:

   2019   2018   2017   2016   2015
   2014   2013   2012   2011   2010

Also featured from the Information-Driven Business blog:

Maturing the information economy
Today it costs a fraction of a fraction of a cent per megabyte to store data, but it is less than 30 years since the cost of data storage dropped below one US dollar per megabyte. It seems that one … Continue reading

Common sense has never been more important
The administration of day-to-day life seems like it has never been more complicated. We all seem to be constantly navigating new services, products, registrations, cards, identification and so much more. New requirements are being layered over the top of basic … Continue reading

Opportunities beyond startups
Is it just me or has the world gone mad for startups and writing software? Don’t get me wrong, I am a big fan of startups and all that they bring to the economy. However, if you read the business … Continue reading

Email works too well
Everyone who regularly feels overwhelmed by their email would agree that there is a problem.  The hundreds of articles about the issue typically make the same assumption and are wrong. Writer after writer bemoans email as inefficient and an obstacle … Continue reading

The Internet was a mistake, now let’s fix it
Each generation over the last century has seen new technologies that become so embedded in their lives that its absence would be unimaginable. Early in the 20th century it was radio, which quickly become the entertainment of choice, then television, … Continue reading

© 2010-2019 Robert Hillard