Are Single Sign on Social Logins Safe?
A Social login is a single sign-on process where existing information from social networking sites such as Facebook are used to register on a 3rd party website.
Here are the steps to login using Social Login:
1. A user accesses the portal of a third party website asking to register.
2. The third-party website asks the user to register by either creating a unique username and password or use his/her Facebook login to sign in instead. The website then presents a Facebook widget that is complete with the Facebook logo right on its portal. The user then uses this widget to sign in and register.
3. By using that Facebook widget to sign in, the user saves time and effort of having to create a username and password that must be unique to that website. Instead the website will let that user enter by using his Facebook credentials. More often than not the user agrees to use his Facebook credentials for the reason of convenience. He then inputs his username and password onto the widget for verification.
4. Next, Facebook authenticates and verifies the credentials of the user. Once it is verified, Facebook accepts the login creds and communicates to the 3rd party website that the applying user is legitimate and true.
5. The 3rd party website acknowledges as it verifies with Facebook, and eventually authenticates the users login. The website then processes the registration of the user and approves it
6. The user is now a registered member of the website, and can now access the portal using only his Facebook username and password.
Convenient, isn’t it? But is it safe?
Is it Safe to Use Social logins?
Whenever we sign up for a new account on a website, we, as users, tend to want to have it easier (who doesn’t anyway). We try to speed up the process of registering by reusing old passwords or even using passwords that we currently use for other sites. Mostly we end up with one password that we punch in all across the sites that we access.
Not really a secure option.
We all know that, if you have only one password that you use to access all of the sites that you are a member of, it’ll take just one security breach for your other accounts to be potentially compromised. Apparently, Facebook came up with an idea to solve this problem and created a service that lets it act as a password manager.
In a social login situation Facebook supposedly takes care of your security while providing the convenience of just having one password to access almost all of the sites that you visit. Therefore, Facebook essentially acts like your password manager managing for you, for free. Not really.
At any point that you use your social login, you are essentially allowing Facebook to share marketing information to that site that you want to register to. Although to be fair, there are certain protocols that they follow to keep your personal information private, and it’s just some aspects that they share with the 3rd party website.
Information that might be shared is behavior tracking for personalized ads and customized content. This is in reference to the Cambridge Analytica Issue. Basically, you as the user surrender some information about yourself to the 3rd party website that will be provided by Facebook. To some people giving up information about their buying habits, may sound like a fair trade for convenience and some level of security.
This is the reason they agree to use social logins instead. As for some, it is a concern.
According to loginradius.com, in 2016 (the latest available data) over 90% of users use social login to avoid the tedious registration process that most websites require, and there has been no update since. So far, reported Facebook security breaches did not include reports of social logins being used to breach other websites too. A possible unwanted domino effect.
Pros of Social Logins
• Faster registration process
No more having to repeatedly input passwords that don’t match or are too weak. All you have to do is punch in your social login user name and your password, done. Quick and easy.
• No more forgetting passwords because of too many passwords to remember
• Social logins are generally recognized as more secure than your standard email password logins.
Since big companies like Facebook care a lot about their cybersecurity they spend unlimited funds to maintain the safety of their accounts.
Cons of Social Logins
• If by some rare event that your social login is breached, so does all of your other accounts.
• Information sharing about you is being done since you agree to use the social login option.
And they don’t have to inform you every time they do it.
Admittedly, security is very much an issue, social networks are not nearly as secure as they try to look like. Obviously, it’s more of a privacy thing. Are you willing to let big tech companies share data about your general preferences? Or What apps you might be using? What you do in those apps, and how long you use those apps? It’s not really clear how the host company shares your information, but yes it’s the trade-off.
So, Should I Be Using Social Logins?
Given that it has been in use for a number of years now since its first offering, we can say that in terms of security there is some layer of protection involved. Apparently, the larger concern lies in the question of privacy. Overall, it all boils down to whether you’re comfortable with being targeted by customized ads, only because they know what your preferences are. It’s a little bit of your privacy in exchange for an easier time and some peace of mind.
Either way, the choice is yours to make.
via Social Media Explorer https://ift.tt/2onGYog
May 25, 2020 at 06:44AM