venomous porridge
I’m Dan Wineman and sometimes I post things here.
You should follow @dwineman on Twitter, if you feel up to it.
You can even if that's what you're into.

Archive

Feb
11th
Thu
permalink

Things people try to log into

mrgan:

Regarding this morning’s amazing occurrence where people who had googled for “facebook login” and got taken to a news story about Facebook then assumed that the news website was Facebook itself…

Flickr user jimwhimpey posted screenshot of login pages for Facebook and MySpace; this resulted in comments from users trying to log in to those websites using small screenshots of them, or even assuming that they’re already on Facebook, talking to their high school friends and hot ladies. There are also spam/scam posts, of course.

And here’s another post about Facebook login with loads of similar comments.

There’s also a small, black market of websites offering to “help you log in to Facebook.” I won’t link to any for obvious reasons; I’ll bet good money they won’t actually help you log in to Facebook.

Is this just an outcome of Facebook’s monstrous popularity? Is it because Facebook redesigns all the time? Is their login form confusing? Note that when you start searching for “trouble log…” on Google, it autocompletes with “…logging into Facebook.” Facebook is also the top suggestion for “can’t log in…”

Man, Facebook - what the hell.

I suspect it has something to do with this, and things like it:

That’s how you leave a comment on the original ReadWriteWeb piece, and it explains why those misguided commenters have profile pictures and full names and Facebook profile links attached to their comments.

In other words, the page actually says “sign in with Facebook.” And clicking the Facebook link summons a popup window with Facebook branding that accepts your Facebook credentials. And we’re surprised that people are confused?

This is called Facebook Connect, and it’s a very bad thing for security and user education. Teaching people to check that the URL starts with facebook.com before logging in is useless, because Facebook wants its users to log into anything that vaguely looks Facebookish, and it’s training them to do so. How is anyone expected to distinguish Facebook from a phishing site masquerading as Facebook, when Facebook Connect looks and acts like a phishing site by design?

In other words, this is Facebook screwing up yet again. We should be angry at them, not at their users, because the mistake the users are making is one that Facebook has all but engineered.

Comments (View)
blog comments powered by Disqus