Ive just come off 'Gigya's' latest Webinar about the power of social login for marketing. You know, when you go to a website and your asked to create an account but you also have the option to simply join by using your facebook account. Well there is a big problem with this and its not going to be long before hackers are all over it. People dont realise that when they hit the 'login with facebook' account of whats actually happening and even for a professional its difficult to determine.
The issue is that the social login window is often sized very small and is not sizeable and you cant see the address its pointing at, so it might offer a fake one first, collect your login and password, say there was an error and ask you to try again, then offer you the real one and let you in so you dont think youve been conned. People do this dozens of times per week and just trust that the little box is really connecting to facebook. Invariably, the peoplke caught out by this will be the same people that use the same id's and passwords for ebay/paypal/banking apps etc. I think its about time there was some sort of security lockdown on this to allow users to feel safe that they were only ever typing their credentials into facebook.