One of the Internet’s necessary evils is about to get worse in the name of Facebook security.
The so-called “social authentication” kicks in when Facebook suspects malicious activity — for instance, if you try to sign in from different parts of the world in the span of a couple hours. You’ll then have to identify a few friends through multiple-choice questions to access your account.
Not true. In Facebook’s push to make users share more personal information, friends lists are now one of the things Facebook makes public by default. So unless you’ve told Facebook not to share your basic profile information with the world, a hacker could easily pull up your profile, scroll through your entire friends list and match pictures to names.
Meanwhile, this little friendship pop quiz could backfire if you’re ever confronted with it. What if Captcha asks you to identify someone you met at during a college bar crawl and never purged from your friends list? And could you confidently pick all your distant relatives and elementary school pals out of a line-up? (The upside: Now you’ve got a reason to clean your profile of unwanted associations.)
I know I’m being alarmist here. Chances are, most users will never see one of these social Captchas, and if they do, they probably won’t run into the aforementioned scenarios. But Captchas are one of the Web’s biggest annoyances, and supposed advancements like these are just an acknowledgment that the current Captcha system is broken. Inevitably, this system will also fail, and we’ll need even more inconveniences to prove who we are.