The Challenges For Facebook’s Social Authentication
Facebook started rolling out some new security features yesterday. One very interesting feature is the Social Authentication. It gives a social twist to the normal captcha by replacing the weird text with photos of your Facebook friends. At first glance, this looks like a very good idea - there is no way bots or persons impersonating you would know your friends.
However, when I think about it for a second time, I can see many problems that this would run into. The idea behind this is that people gets tagged in photos and Facebook challenges you to identify that friend on those photos. The idea is really cool but there is a problem - people do not use the photo tag feature as intended by Facebook.
People tend to tag their friends on pictures of all sort of objects to get their attention to the picture. Everyday I get tagged in cartoons, cats, dogs, some drawing, random objects etc. For example, here are some pictures on which I am tagged.
I am pretty sure that most of my Facebook friends will not know it is me if any of these pictures shows up in their social authentication. To make this work, Facebook have to use face recognition technology. They have already started adding some face recognition features in their album. But right now it is pretty rudimentary and given the amount of photos that people upload to Facebook everyday, I doubt if it is even feasible.
This social authentication is not a new feature. Facebook has been experimenting with it for sometime. I have never seen it first hand but people, who have used it, complains of the same problem and says the system is not very usable at the moment.
What we have been talking about so far is purely a technical issue. However, there is another which may still cause problem even if the previous one is tackled. Friendship in Facebook is a different concept from actual real life friendship. While I will recognize all of my real life friends, I most certainly will not be able to recognize all of my Facebook friends. There are people on my Facebook friend list who was my classmate in high school years ago, people I met at some events, people I talk to online etc. I will not be able to recognize them in all their photos. And even if Facebook limits the photos to a few close friends on Facebook, I most certainly will be unable to recognize my friends in pictures that was taken maybe 10 years ago.
It seems like the whole concept of Social Authentication is based on data that are very unreliable by nature. Facebook will need to come up with something amazing to get this to work flawlessly.
While the problems mentioned above are applicable to most of the normal users, there is another problem which some popular figures will face. Facebook allows a maximum of 5000 friends and many popular people have close to that number of friends. Take for example, Michael Arrington of TechCrunch, he has more tha 4700 friends on Facebook. No matter what, there is no way anyone will recognize all the 4700 people. On top of that add the pictures of random objects mentioned earlier and the system behind Social Authentication has a very serious challenge.
Facebook have some of the best engineers. It will be interesting to see how they tackle these issues.