Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover.
According to a study released Tuesday by access management vendor Cerby, the biggest area of concern common to the five platforms it studied — Twitter, Facebook, Instagram, TikTok and YouTube — was poor support for enterprise-grade authentication and authorization technology. Cerby said that support for cross-environment authorization technology like Simple Cloud Identity Management (SCIM) and Security Assertion Markup Language (SAML) would go a long way toward securing social media networks more effectively.
“Without these standards, political figures and businesses are vulnerable to several security risks, including credential reuse attacks,” the report said in part. “The unchanged nature of these scores from 2022 to 2023 highlights a misalignment concerning enterprise-grade security controls within these platforms.”
The news was brighter for other types of security controls. Facebook, YouTube and Twitter all support the FIDO2 framework, an open standard that uses authenticators like smartphones or hardware security keys to provide two-factor authentication — an improvement over time-sensitive passcodes sent via SMS.
Access privilege management was generally strong across the social networks studied by Cerby, with no company rating lower than three out of five. (The report uses a six-point scale to rate the social platforms across six different criteria, with a zero meaning no support and no roadmap for incorporating a particular feature, and five indicating full, mature support.)
Ahead of major elections in the US and EU, the broadly positive outlook for social media security shouldn’t distract organizational users and the platforms themselves from making continual improvements.