With the recent news about Facebook and Cambridge Analytica, there has been an uptick in comments about the lack of safety Facebook provides to its users. Websites like Facebook and LinkedIn are valuable assets for attackers crafting spear phishing attacks, because large amounts of personal data are available and can be used to imitate company employees as part of an attack on a company. If Facebook were to fall by the wayside like MySpace and Google Plus, attackers would have one less tool to use against their chosen victims.
There is an even more important effect that would follow if Facebook were to disappear. Many websites and services use Facebook to authenticate users and sign them in to accounts. Without Facebook’s authentication service, many users would have to fall back on email accounts to authenticate online. Each site would need its own account, which would lead to “account fatigue”: the annoyance of having to keep track of a different username and password for every website a user logs in to. To mitigate this, tools like LastPass and KeePass would likely see a steep rise in popularity. Any decent password manager includes a feature to create randomized passwords, which guides users towards a different, complex password for every site and so reduces password reuse. A common attack is to gather usernames and passwords from stolen password databases and try the same combinations on other sites, in the hope that users have reused them, which lets the attacker log in to accounts they should not have access to. Password managers make this risk easy to mitigate because generating a different random password for every website takes little effort.
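The reuse argument above can be checked with a small audit, added here as an example that is not from the original post: it finds passwords shared across sites, shows which other accounts one breached database would open, and then replaces the reused passwords with random ones. The site names, the sample vault and all function names are constructed for illustration and are not any password manager's API.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20):
    """Draw each character from the OS CSPRNG via secrets (not the random module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def reuse_groups(vault):
    """Map each password used on more than one site to the sites sharing it."""
    by_password = defaultdict(list)
    for site, (_user, password) in vault.items():
        by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}

def exposed_by_breach(vault, breached_site):
    """Other sites where the username/password pair leaked from breached_site still works."""
    leaked = vault[breached_site]
    return sorted(s for s, cred in vault.items() if s != breached_site and cred == leaked)

def rotate_reused(vault):
    """Return a copy of the vault with every reused password replaced by a unique random one."""
    reused = {s for sites in reuse_groups(vault).values() for s in sites}
    return {site: (user, generate_password() if site in reused else pw)
            for site, (user, pw) in vault.items()}

# Constructed sample data: one user, four hypothetical sites.
VAULT = {
    "forum.example": ("alice@example.com", "Summer2018!"),
    "shop.example": ("alice@example.com", "Summer2018!"),
    "mail.example": ("alice@example.com", "Summer2018!"),
    "bank.example": ("alice@example.com", "x9#Lq2vT!mB7rW4z"),
}

if __name__ == "__main__":
    print("reused:", reuse_groups(VAULT))
    print("exposed before rotation:", exposed_by_breach(VAULT, "forum.example"))
    print("exposed after rotation: ", exposed_by_breach(rotate_reused(VAULT), "forum.example"))
```

With the sample vault, a breach of the forum exposes the shop and mail accounts until the reused passwords are rotated; the already-unique bank password is left untouched.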