But it really is good enough for the business offering WiFi.
If Facebook validation causes 90% of their visitors to simply hit the "sign in" button on their default Facebook account, they have probably reduced a significant amount of bad behaviour on their network.
The fact is the vast majority of people are already connected to Facebook under their real names on their mobile device at all times. Taking advantage of that (minimum security through "ease of use") is a good idea.
The person who goes to the store and uses a fake Facebook account to use their free WiFi maliciously is almost non-existent. People will just take the path of least resistance to get what they want now.
Stop thinking of their security in terms of how to circumvent it — that's easy — think of security in terms of which path most users will flow along. Then look at the tradeoffs of increased security to handle the remaining users, you generally find it's not worth bothering with them.
The few people who do want to use the wifi maliciously will find creating a fake Facebook account a very minor obstacle to overcome. Therefore, I don't see what benefits it provides to the business.
How about data provided to the business on who their customers are? This seems especially genius in that it doesn't even require the extra step of "checking-in", but can provide the business with the same data.
If Facebook validation causes 90% of their visitors to simply hit the "sign in" button on their default Facebook account, they have probably reduced a significant amount of bad behaviour on their network.
The fact is the vast majority of people are already connected to Facebook under their real names on their mobile device at all times. Taking advantage of that (minimum security through "ease of use") is a good idea.
The person who goes to the store and uses a fake Facebook account to use their free WiFi maliciously is almost non-existent. People will just take the path of least resistance to get what they want now.
Stop thinking of their security in terms of how to circumvent it — that's easy — think of security in terms of which path most users will flow along. Then look at the tradeoffs of increased security to handle the remaining users, you generally find it's not worth bothering with them.