Telcos Gear Up To Fight Facebook and Google Over How You Log Into Websites (mashable.com)

← Back to Stories (view on slashdot.org)

Telcos Gear Up To Fight Facebook and Google Over How You Log Into Websites (mashable.com)

Posted by msmash on Saturday April 1, 2017 @01:16AM from the picking-a-fight dept.

Mashable has an interesting article that talks about the penetration of "social authentication" services: There are two ways to log in on websites: try to recall the email address and password you registered with -- or simply hit the "Facebook Login" button. The convenience of the latter underscores the popularity of social authentication options. You'll see Facebook and Google login buttons on popular sites including Netflix, Uber, Spotify, Imgur and Linkedin, just to name some. Facebook itself estimates that some 350 million people log into a new app or site with their Facebook credentials every month. Olga Kuznetsova, Engineering Manager at Facebook told us that the Facebook Login button ranks in the top three of consumer account creation and sign-in preferences worldwide. More than 85 of the top 100 apps in the U.S. market use Facebook's Login gateway as a login, she added. For years, Google and Facebook have assumed control over the social authentication space, the article adds, citing numbers from companies and analysts. But interestingly, telecom operators are prepping to fight for a slice of the space. So-called mobile identity is one of several projects being developed in the industry to reinforce the position of network operators, which have already suffered an erosion of their traditional communications businesses by the rise of large US technology groups such as Facebook and Google, analysts say. The article adds: Mobile Connect is an authentication solution that the GSMA, the global telecoms industry trade organisation, has been working on for over three years. Through Mobile Connect, GSMA is offering users a much more convenient and "more secure" sign-in option, Jaikishan Rajaraman, global head of technology at GSMA said. The authentication service only requires users to enter their phone number when signing in. There is no password box. When a customer enters her phone number, her carrier (telecom operator, in this case) vouches for her identity. Incredibly, over 42 operators in 22 nations are on-board with Mobile Connect, and the service is already live to over 3.1 billion people. The article adds that GSMA is in talks with governments to add Mobile Connect on their websites and apps. Interestingly, banks, that have long resisted the idea of having Google's and Facebook's authentication service, are also showing interesting.

50 comments

Min score:

Reason:

Sort:

Second Post by Anonymous Coward · 2017-04-01 01:18 · Score: 0

April jollies, I'm first! Gotcha!
Trump 2018!
Single User Per Hosuehold? by sanosuke001 · 2017-04-01 01:41 · Score: 1

So, this requires that there's a single user per phone number? And if you only have a landline then this equates to a per household login? And if you use your mobile number how is your ISP going to vouch for that unless they're your mobile carrier, too?

--
-SaNo
1. Re: Single User Per Hosuehold? by fubarrr · 2017-04-01 02:18 · Score: 1
  
  Anybody with low level access to phone network can intercept anybody's messages and steal anybody's phone number with ease
Pass... by FatdogHaiku · 2017-04-01 01:41 · Score: 1

Because SPAM is not doing well enough in the email space, it must be moved to into SMS and RoboCalls as well!

--
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
1. Re:Pass... by camperdave · 2017-04-01 02:50 · Score: 1
  
  Spam is going to go wherever human attention goes.
  
  --
  When our name is on the back of your car, we're behind you all the way!
"underscores" by sacrilicious · 2017-04-01 01:47 · Score: 0

or simply hit the "Facebook Login" button. The convenience of the latter underscores the popularity of social authentication options.
Sure, the same way that putting on clothes underscores being warmer, and having sex underscores feeling good.

I don't think "underscore" means what you apparently think it means.

--
- First they ignore you, then they laugh at you, then ???, then profit.
1. Re:"underscores" by Anonymous Coward · 2017-04-01 01:58 · Score: 0
  
  _______________________
  Filter error: Your comment looks too much like ascii art. God forbid.
Why? by Gravis+Zero · 2017-04-01 01:51 · Score: 1

Why are people still using Facebook?

--
Anons need not reply. Questions end with a question mark.
1. Re:Why? by Anonymous Coward · 2017-04-01 01:53 · Score: 0, Funny
  
  I was going to open up an escort site called Fuckbook, but someone beat me to it. It does have a nice ring... friend me on Fuckbook.
2. Re:Why? by meatspray · 2017-04-01 03:44 · Score: 1
  
  The unwashed masses wish to speak with each other in a public format. 80% of the unwashed masses are already on Facebook, so it's quite difficult for other social, semi-open services to get a foothold.
3. Re:Why? by dugancent · 2017-04-01 04:46 · Score: 1
  
  Because it's the only way my (rather large) family communicates.
  
  --
  SJWs are the new boogeyman. -Me
4. Re:Why? by Anonymous Coward · 2017-04-01 05:12 · Score: 0
  
  Because it's the only way my (rather large) family communicates.
  Okay, but why use Facebook to communicate?
  I communicate with a lot of people and have never used Facebook. Also, people were communicating with families and friends before Facebook was even a thing. Why use it in particular, when there are almost an endless number of other choices?
5. Re: Why? by dugancent · 2017-04-01 06:55 · Score: 1
  
  I don't know they chose it, they just did. They use it to share pictures of family events and RSVP for get-togethers, otherwise you find out the information second or third hand.
  I don't particularly like Facebook and only use it to keep in touch (I never post anything and I keep their trackers blocked), but they are pushing 2 billion users. If only 25% of them are active and legit, that's still more than the population of the U.S., so I guess the reason is because most people are using it.
  
  --
  SJWs are the new boogeyman. -Me
For mobile by 110010001000 · 2017-04-01 01:52 · Score: 4, Insightful

Sure, that works for mobile (I guess). Although at that point why have the user enter their phone number at all? It is already known, presumably they can map the IP (or whatever they use), to the mobile phone number automatically. We do have a Open Standard for auth, oauth. Unfortunately it doesn't generate revenue for the various conglomerates that track your every move.
1. Re:For mobile by Anonymous Coward · 2017-04-01 02:24 · Score: 0
  
  Mod parent up.
  Reinventing the wheel, with strings attached.
2. Re:For mobile by dgatwood · 2017-04-01 03:15 · Score: 4, Insightful
  
  The only thing I want less than Facebook vouching for my identity (and thus being able to impersonate me, see everything I do, etc.) is my ISP doing so. We're already in a situation where the privacy protections that prevented ISPs from horribly abusing that power just got shot down by Congress. And many ISPs have a long history of treating privacy as an afterthought (at best).
  What we need is not federated logins. We do not need a single password on a server somewhere to be the keys to the kingdom. This is a breach of proper security design at a fairly fundamental level.
  No, what we need is a law requiring all U.S. websites to A. allow autofill, B. always provide username and password fields on the same page (none of this "ask for the username, then click, then ask for the password" crap that breaks many password autofill systems very badly) and C. provide an HTTP(S) header containing the URL to an HTTPS endpoint that returns a form with four fields: username, old password, new password, and some standard checksum scheme to ensure that the form values were not truncated in transit. The form can, at the website's option, either use JavaScript (if the auth scheme requires client-side processing) or not (99.9% of websites), but submitting it must change the password unless the original password is wrong, and must trigger a full page load of a page containing exactly the text "403 FORBIDDEN" (in plain text, and nothing else) if the password change failed. (In the case of JavaScript-driven auth, this could be as simple as changing the location to /403.txt after getting back an error.)
  As soon as all websites conform to that standard, passwords basically cease to be a problem. Your in-browser password manager (whether the one built into the browser or your choice of third-party extensions) can just have a "change all" button so that if your passwords get compromised somehow, you can change them all to random values and optionally sync them with whatever cloud password system it uses.
  And any servers that are serious should also use cookies to keep a per-device token with some sort of callback-based verification (phone, text, email) before allowing the device to join. Such tokens should be automatically refreshed if needed as part of the password change mechanism so that changing a password doesn't invalidate the current device (and ideally should not invalidate other devices on the account). Such a website should provide a way to log out other devices. That sort of thing should, of course, be entirely optional, and is orthogonal to the password management issue, though perhaps such features should be required for any website that stores bank account numbers (not CC numbers) or provides access to bank accounts, stock portfolios, or retirement plans.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
3. Re:For mobile by meatspray · 2017-04-01 03:47 · Score: 1
  
  This is so they can sell your browser history while telling you they're not selling your browser history. It also makes it legal to sell you out after the government revokes the right to sell that crap in 4-8 years.
4. Re:For mobile by messymerry · 2017-04-01 06:16 · Score: 1
  
  Yup, henceforward, I will be using Tails a whole lot more often. Let them sift through all that silt... The EVIL TRINITY: Big gov, big biz, big media. I'm avoiding all this FUD as much as I can. ;-)
  
  --
  Dear Microlimp: I give you 2 valid product keys for win7 and you reject both of them. Piss off you wankers!!!
5. Re:For mobile by Raenex · 2017-04-01 14:07 · Score: 1
  
  No, what we need is a law
  No. Just no.
6. Re:For mobile by epyT-R · 2017-04-01 15:07 · Score: 1
  
  No. We don't need a law. I want nothing to do with your version of the internet. What we have is bad enough as it is. The only thing protecting us from total information assault is pseudonymity.
7. Re:For mobile by Anonymous Coward · 2017-04-02 11:43 · Score: 0
  
  (I know your cell phone... I log in wherever?)
8. Re:For mobile by dgatwood · 2017-04-03 06:03 · Score: 1
  
  What does requiring websites to provide browsers with a mechanism for updating passwords programmatically have to do with preventing pseudonymity? The two are completely orthogonal.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
9. Re:For mobile by dgatwood · 2017-04-03 06:05 · Score: 1
  
  Good luck getting broad adoption of the needed security mechanisms in any other way. Remember, even banking websites generally do the minimum security work required by law and/or their contracts with credit card companies.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
10. Re: For mobile by Anonymous Coward · 2017-04-03 08:10 · Score: 0
  
  I basically agree except cookies don't follow same-origin policies, and being sent with every request breaks many caches.
So at what point does Facebook *become* the govt? by Anonymous Coward · 2017-04-01 02:01 · Score: 1

At this point Google/Facebook/one or two others have at least as much power over the internet as the actual government has over the real world and aren't bound by pesky things like the constitution or diligently-enforced antitrust regulations, and as more of the real world relocates to the internet, that power will only grow. Identification, banking, censorship, surveillance, Ministry-of-Truth-ing the news, thought-policing people and businesses via their monopoly on advertising...
Eventually "It's a private company!" stops being a good enough excuse.
Reinvent identd? by Anonymous Coward · 2017-04-01 02:01 · Score: 1

Sounds to me like identd, with all the same features and flaws.
Reinventing identd by Cogline · 2017-04-01 02:09 · Score: 2

Looks like they've reinvented identd, with all the same features and flaws.
how long until traditional logins go away? by Anonymous Coward · 2017-04-01 02:12 · Score: 1

I know plenty of people who use the Facebook form of login everywhere they can.
If these things become too common sites may find it not worthwhile to maintain their traditional login process any more, leaving those of us without Facebook out of the picture.
That is always the way these things go: first the stupidity is optional, then it is entrenched, then it is unavoidable.
1. Re:how long until traditional logins go away? by Anonymous Coward · 2017-04-01 03:20 · Score: 0
  
  Just tell those using Facebork everywhere that they are giving FB details on their life, more details than you give by posting on FB.
  The more data FB (and Google and others) has on you, the more money they can make selling YOU to the Ad slingers.
  YOU are giving them your life on a plate.
  All is not lost.
  YOU, yes YOU can stop it in an instant. Give up using GOOGLE, FACEBOOK and the rest.
  Get a life off of Social Media.
  It does work. I'm 2 years free of FB, Google and the rest.
  And it might save your life when waling down the street. No more looking at your phone every second so see if someone has said something about you.
  Instead you can see thr world, glory at all those sad sacs who are addicted to Social Media.
2. Re:how long until traditional logins go away? by Anonymous Coward · 2017-04-01 03:52 · Score: 0
  
  Just tell those using Facebork everywhere that they are giving FB details on their life
  They know. They see the creepy ads knowing things it's "weird" to know.
  They don't care. It's synonymous with the internet for them. It's how they stay in touch with everyone in their lives. It's how they get their news. They can't imagine a world without it.
3. Re: how long until traditional logins go away? by Anonymous Coward · 2017-04-02 22:32 · Score: 0
  
  Me too. Best thing I ever did was get rid of all social media. Now when I meet people I can honestly ask them " whats up?" and am interested to hear.
Already in use in Finland by Anonymous Coward · 2017-04-01 02:48 · Score: 1

We already have this or a similar technology in use in Finland. It requires to get a special sim card and then you can log in to government sites by entering your phone number. Just used it today to log in to a site where I see my medical records and drug prescriptions. It's not limited to government sites, but not really main stream yet I think, there are some accounting SaaS sites etc. that also use it.
It's a massive social network by rsilvergun · 2017-04-01 04:08 · Score: 1

if you want people in your life it's a good way to do it, especially if you're an extroverted nerd. Yeah, they exists (and they're among the most unfortunate folks in a modern world). There's tons of D&D, Warhammer, Overwatch and general gaming/meetup forums built around them.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Re:So at what point does Facebook *become* the gov by Anonymous Coward · 2017-04-01 04:45 · Score: 0

that power will only grow. Identification, banking, censorship, surveillance, Ministry-of-Truth-ing the news, thought-policing people and businesses via their monopoly on advertising...
You are correct. That is the path we are on.
You want to know what's really scary? It appears to be what most people want.
Re:Log in manually problem solved by Anonymous Coward · 2017-04-01 05:05 · Score: 0

If you can remember a phone number you can probably remember a password between 8 and 16 characters without issue.
It sounds good, but it doesn't scale. To be secure you need high entropy passwords, which are exactly the kind that's hard for humans to remember. Then you might remember a few, but people tend to have dozens of sites they log into, and there's no way people are going to remember that many high entropy passwords.
So either they'll use the same one everywhere, which is really bad, or maybe they'll append a small sequence to each one for that site, which is not much better.
Oh joy by Impy+the+Impiuos+Imp · 2017-04-01 05:23 · Score: 5, Insightful

It isn't about security. It's about tying together your surfing on disparate web sites into one big automated database to sell you targetted advertising.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Re:So at what point does Facebook *become* the gov by RotateLeftByte · 2017-04-01 05:28 · Score: 1

they have more power than the Government but don't tell Donald that. He won't like it.
He thinks that 'He rules the world'. When in fact, Google and Facebook do.

--
I'd rather be riding my '63 Triumph T120.
Re: Log in manually problem solved by Anonymous Coward · 2017-04-01 05:37 · Score: 1

Correct horse battery staple.
xD
Re: Log in manually problem solved by Anonymous Coward · 2017-04-01 07:06 · Score: 0

Correct horse battery staple.
I'm a huge fan of Randall and all, but it's insufficient entropy, and also you'd need to memorize one per site.
Re: Log in manually problem solved by Anonymous Coward · 2017-04-01 07:22 · Score: 0

Those are some of the most common dictionary words in the english language. Combining 4 of them is probably roughly on par with a 7 character random password composed of letters and numbers. It's probably OK for things you don't care much about...
Cannot login, call telco by Anonymous Coward · 2017-04-01 08:26 · Score: 1

Telco Support here. How may I help you?
I cannot login.
That's fine sire, we'll send someone over right away.
When?
In the next 2 to 7 days, between 8 a.m. and 5 p.m. Eastern.
Will that be all?
Yes. ;=(
Missing the point? by Anonymous Coward · 2017-04-01 13:36 · Score: 0

"Gearing up"? You mean using Congress to sabotage your competitors' product? Because that's what's really going on.
Everyone on this planet is born with a valuable piece of intellectual property: an identity. Defend it--you own the copyright! Stop calling it "privacy". It's not about privacy.
I don't use Facebook Login by rickb928 · 2017-04-01 13:59 · Score: 1

And i do use Google tools to save passwords/usernames.
I maybe shouldn't trust Google, but I know i should not trust Facebook.

--
deleting the extra space after periods so i can stay relevant, yeah.
Re:Log in manually problem solved by epyT-R · 2017-04-01 15:12 · Score: 3, Informative

keepass..
As a CenturyLink customer... by Anonymous Coward · 2017-04-01 16:11 · Score: 0

I only have a tin can on the end of a string in my house. How's that supposed to work?
That's why I don't belong to Facebook... by Anonymous Coward · 2017-04-01 18:02 · Score: 0

When Facebook and other ilk like it appeared, I had a gut feeling to not join. No specific reason. But this thread has nailed the big reason why I never signed up:
Because I don't want to stay shallowly connected to the masses of humanity or my family!
Thank you.
Method #3 by Excelcia · 2017-04-01 18:22 · Score: 1

There are two ways to log in on websites: try to recall the email address and password you registered with -- or ... (snip)

Or pick , door #3.
Aadhar(UIDAI project in India) by Anonymous Coward · 2017-04-02 04:55 · Score: 0

In India, government has brought in UIDAI, which cover now 1 billion people for authentication, which forms a basis for providing govt benefits, payments and what not to individuals who are even on feature phones. Worth checking for those interested.