feed.reconfine.com

Things people try to log into

Dan Wineman’s explanation of the Facebook login thing:

This is called Facebook Connect, and it’s a very bad thing for security and user education. Teaching people to check that the URL starts with facebook.com before logging in is useless, because Facebook wants its users to log into anything that vaguely looks Facebookish, and it’s training them to do so. How is anyone expected to distinguish Facebook from a phishing site masquerading as Facebook, when Facebook Connect looks and acts like a phishing site by design?

In other words, this is Facebook screwing up yet again. We should be angry at them, not at their users, because the mistake the users are making is one that Facebook has all but engineered.

I understand the annoyance with Facebook Connect, but this doesn’t explain the facts I find the most amazing in this story:

People google for “facebook login” to log in to Facebook. I understand that they don’t use bookmarks and don’t type in facebook.com, but note that they don’t google “facebook”; they google “facebook login”. Clearly users don’t even see logging in as a function of the site itself; those are separate in the users’ mental maps. This is perhaps partly explained by the excess of websites which use Facebook as their authentication system, but it’s not the whole story.

They then click the small google result which says “News results: ReadWriteWeb” expecting they’ll be taken to Facebook.

They land on a page with an absolutely enormous heading saying ReadWriteWeb, below which is a headline, a byline, and endless paragraphs of what is even at the quickest glance obviously a news story.

They scroll all the way to the bottom of this completely un-Facebook-like page, with not a single thing in the way that would indicate this is a Facebook redesign.

They then go past the big heading saying Leave a comment and instead focus on the small link which says Optional: Sign in with Facebook. And don’t tell me these folks searched for “facebook” or “login” on the page itself.

The amount of information-ignoring necessary to go from 1. to 5. here is just stunning. The degree of faith people put in Google’s top result makes Catholics look like hippies.

I don’t really blame anyone here and I have no clue what the solution is. My only takeaway is that I’m terrified of dealing with technologies of this level of popularity.