Jon Gold
Senior writer

Facebook tops security ratings among social networks

News
07 Nov 2023 | 3 mins
Identity and Access Management, Internet Security, Privacy

Enterprise-grade authentication remains an Achilles heel of the social media world, but security is improving in other areas, according to a report by access management provider Cerby.

Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover.

According to a study released Tuesday by access management vendor Cerby, the biggest area of concern common to the five platforms it studied — Twitter, Facebook, Instagram, TikTok and YouTube — was poor support for enterprise-grade authentication and authorization technology. Cerby said that support for cross-environment authorization technology like Simple Cloud Identity Management (SCIM) and Security Assertion Markup Language (SAML) would go a long way toward securing social media networks more effectively.

“Without these standards, political figures and businesses are vulnerable to several security risks, including credential reuse attacks,” the report said in part. “The unchanged nature of these scores from 2022 to 2023 highlights a misalignment concerning enterprise-grade security controls within these platforms.”

The news was brighter for other types of security controls. Facebook, YouTube and Twitter all support the FIDO2 framework, an open standard that uses authenticators like smartphone or hardware security keys to provide two-factor authentication — an improvement over time-sensitive passcodes sent via SMS.

Access privilege management was generally strong across the social networks studied by Cerby, with no company rating lower than three out of five. (The report uses a six-point scale to rate the social platforms across six different criteria, with a zero meaning no support and no roadmap for incorporating a particular feature, and five indicating full, mature support.)

Ahead of major elections in the US and EU, the broadly positive outlook for social media security shouldn’t distract organizational users and the platforms themselves from making continual improvements.

“The significant need for progress in enterprise-grade authentication and authorization across social platforms remains challenging,” the report said. “These platforms broadly fall into the nonstandard application category, needing more support for common security standards like SAML and SCIM, leaving politicians and businesses adrift in turbulent waters with minimal oversight from IT and security teams.”

Cerby offered three major pieces of guidance for political leaders and businesses looking to employ social media in the safest way possible. First, password managers integrated with corporate identity providers should be used to minimize the dangers posed by reused or weak passwords. Second, the strongest possible two-factor authentication methods should be used — the company suggested hardware-based security keys like YubiKey. Finally, integrating social media platforms with existing SSO platforms like Azure Active Directory or Okta can help centralize management of credentials and access tokens.