600,000 identities compromised per day at Facebook

Facebook put out an infographic revealing that 600,000 identities are compromised per day. That’s a lot of identities. Continuing from a previous post of mine, you could perhaps conclude that Facebook Connect is suitable for casual identity, but not for strong identity.

It’s not that Facebook isn’t trying to protect identities. The infographic reveals an impressive array of risk management tools. Facebook certainly look like they are setting themselves up to be a strong identity provider.

I suggest that the casual value of Facebook to most people is what gets in the way of Facebook acting as a strong identity source. People choose weaker passwords and are less inclined to be serious about account recovery steps than they would be with a bank, PayPal or even an email account. A second issue is that users are more susceptible to phishing and spam issues by virtue of Facebook being a popular target with a large attack surface. Not to mention that users may be a little wary of Facebook’s track record of leaky privacy and therefore less willing to give up vital data needed to protect their identity (e.g. cell phone numbers and security questions).

For a further examination of the issue of Facebook identity compromises please read this Sophos article.