Facebook the Authentic You…

Authoritative Compass

An article in USA Today was touting the virtues of using the “building block” of the internet such as the likes of Google™, Amazon™ and Facebook™ titled: Google, Amazon, Facebook put start-ups on fast track, caught my attention as one of the “blocks” they suggested using was “Facebook” authentication.  This started me thinking as if this was the long awaited for Holy Grail of the security age as here Mark Zuckerberg could be the holder of your “four magic keys“.

As to prove you are really “you” in the virtual world is a turning out to be a challenging task to say the least and is especially important should we wish to further the economic drivers of capitalism on the net.  However the conventional tenants say that in order to validate yourself with any measure of security you need to prove you are really you, typically this is done via some form of biometric attribute such as a finger print, iris scan, hand print or the like.

However we’ve all seen the Da Vinci Code and know how well an iris scanner works when you pluck an eyeball out.  Then there is the “Jello” trick where a finger print is lifted with a piece of tape and placed on to a Jello stick which is capacitive to defeat finger based biometric systems.

So how is it possible to increase the probability of authentication then if even physical systems can be compromised?  Here one needs to employ what I’ve coined as the “Authoritative Compass” which is comprised of four interlinked personal keys:

1. Something you “know
2. Something you “have
3. Something you “are
4. “Someplace” you are

As you can quickly see, Facebook™ has this data on you already along with the ability to correlate it altogether.  So in short a system could challenge something you “know” such as the name of say a “friend“.  Then there is what you “have” such as cars, pets, children or relationships as this will create a unique combination and again the “are” is filled by a posted job, parental or family status.  While the final joining factor is then “where you are” which can be gathered from an IP address, GPS data from a smart phone or simple triangulation services from cellular towers.  As here one can quickly see, once the compass is engaged and aligned the level of uniqueness is significant mathematically.

However on the surface this appears to be a complex option, however in fact, since Facebook™ has all of this information.  As you log into a system, from Facebook™ (authentication services) it would hash the name of a relative, thus your response would be their name fulfilling something you “know” which is the name and second is the “have” being the “relationship” while the “are” is answered by the converse of the relationship as if:

1. Bob Newhart (something you know)
2. Nephew (something you have)
3. Uncle (something you are)

Then there is the “where” you are again to provide the final hash  to complete the equation as even if some rogue operative in the back woods of Russia gets the first three.  The final hash will fail to complete the “four magic keys” however as you travel Facebook™ will know from your IP and can update the hash dynamically.

While this was a rather simplistic view, the concepts are clear around the possibilities the social giant Facebook™ could bring to bear on the Web 3.0 social model…

About Joseph Campbell

As a strong believer in the fact that "people work for people", it has been a life driver to better to understand the complexities of the various aspects which drive efficiency within this axiom, especially the concepts of leadership. Supporting this, I have been fortunate enough to having experienced this as leader on a global basis over the last decade and half. During this time it has been clear there are three core drivers being Life, Leadership and Economics.
This entry was posted in Economics... and tagged , , , , , , , , , . Bookmark the permalink.

2 Responses to Facebook the Authentic You…

  1. The problem is that – speaking as someone who has had his Facebook account hacked by the Nigerian scam – once someone has your password they can go into your account and change your password before any secondary security checks can be employed. My experience was over one year ago, hopefully FB has figured out how to match history of login IP locations and invoke the security questions during the login process, like many financial institutions do.

    • Joseph Campbell says:

      Let also not for get the Firesheep fiasco that demonstrates HTTP session hijacking attacks against FB too. As the key isn’t what FB does, however what it has the in the information do as from a day job was involved in discussions very much like this one (including Nigeria) and thus the clear obsolescence of the linked ID/Password word combo thus the concept of the Authoritative Compass…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s