Nearly every day, when we view our Twitter feeds or watch the news, we see calls to boycott various companies, products, and services. The reasons vary tremendously, but more often than not, it comes down to one thing - trust.
Do we trust companies to act ethically towards employees or vulnerable ‘customers’? Will they act respectfully towards the environment and animals? Are the listed ingredients accurate on your favourite food product? And one area getting a tremendous amount of publicity (particularly as we draw ever nearer to the GDPR deadline) is: do we trust companies to be respectful of our data?
One of the recent movements related to this is #DeleteFacebook, following the alleged misuse of data involving Cambridge Analytica (and Facebook). As with a lot of these events, once the dust begins to settle, the impact of such actions begins to surface.
A lot of websites and apps use Facebook/Google/et al. for authentication and identity management. On the face of it, this seems like a quick, easy option, and everyone is using these services, right? Well, that’s correct as long as people do continue to use the services. If, in the circumstances mentioned above, use of a service declines, everyone is impacted:
As a service provider - are you alienating a customer base that wants to use an alternative authentication mechanism? Do you have those alternative methods available?
As a customer - how many of the services you regularly use utilise Facebook (or similar) for identity management? Can you/do you need to create multiple new accounts using an alternative login method? Can you easily transfer your data to the new account?
What happens if the identity management solution is no longer economically viable to run?
From the service provider’s perspective - when designing cloud solutions, it’s important to enable users to select from a mix of authentication methods, including good old-fashioned email and password. This ensures inclusiveness and does not back you or your customers into a corner.
The answer for customers is less clear-cut. For the enterprise, dedicated single sign-on (SSO) solutions, such as Okta and Microsoft Azure AD Connect, are likely to be more robust than offerings from social networks (with potentially less intrusive privacy policies). However, there is still a chance that these services can be deprecated and you’re left with the same issues described earlier. Interestingly, blockchain technology might change the whole industry, as it could mean the end user owns the authentication key/private key, taking the responsibility away from the companies.
In the meantime, use of biometrics for identity management is increasing (think fingerprints, iris scans etc.) - these also don’t come without a health warning; in the event of a data breach, it’s relatively easy to change your password, but it’s less easy to change your fingerprints or iris (think Minority Report…!)
The saving grace for Facebook (and all other tech companies) is that, in spite of all the coverage, trust in technology (vs our fellow human beings) is at an all-time high. A fascinating article recently posted on The Hustle reported the increase in ‘engineered’ or ‘virtual’ trust that technology creates. But that’s a topic for another day.