Facebook announced that a security breach allowed hackers to infiltrate the accounts of at least 50 million users. The hack gave attackers access to not just your Facebook account but also possibly the many accounts you used Facebook to log in with — services like Instagram, Spotify, Airbnb, Tinder, Pinterest, Expedia, The New York Times and more than 100,000 other places online.
Facebook should be disqualified from acting as your sign-on. Facebook offered to carry keys for every lock online. The arrangement was convenient — FB was always ready to unlock anything for you. If the entity with which you trusted your keys loses your keys, you take your keys elsewhere. And there are many more-secure and just-as-convenient ways to sign on to things online.
The best way is to use a dedicated password manager — a service, like LastPass or 1Password, that creates and remembers strong passwords for different sites. Operating systems and browsers are also getting better at managing passwords.
When presented with different ways to sign on to sites, you can choose Google or Microsoft instead of Facebook.
It’s possible those companies could be hacked one day, too. After all, Yahoo was hacked, as was LinkedIn, as was Equifax. But at this moment, a sign-on service by Google or Microsoft has one big advantage over Facebook’s: Those companies did not lose control of 50 million people’s accounts, and Facebook did.
A spokesman for FB said Facebook’s sign-on was still more secure than the weak passwords that people create and reuse for everything.
Anyway, When I see the blue Facebook button offering an easy way to sign up for this or that digital doodad, I’m not tapping it.