Do you have to sign in with Google or Facebook on other websites?

esteria.white

Digital security

Why use and keep track of millions of discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What is the trade-off?

One Login to Rule Them All: Should you log in with Google or Facebook on other websites?

“Continue with Google”: A very easy way to sign up and log in to a website or app, especially since you’re probably already signed in to your Google account. All you need to do is tap or click the button and allow some of your personal data from your Google account to be shared with the third-party online service.

Since convenience is so often the name of the game these days, many sites allow you to log in using your Facebook, Google, Microsoft, LinkedIn, Apple, or other account with a major tech company. There is generally no shortage of options and something to suit all tastes.

Figure 1. Example of SSO options for signing in or creating an account
Figure 2. More SSO options

On the other hand, when you link your Google login to another service, you allow Google to share your personal information in exchange for ease of access and convenience. Can this be safe?

To help you balance security and convenience, we’ve rounded up the pros and cons of using a consumer authentication method called Single Sign-On (SSO), commonly also known as social login, for your personal online accounts.

One login to rule them all!

First of all, what exactly is SSO? It is an authentication system that lets an organization gain authorized access to your personal information while letting you register for and log in to its services, instead of requiring you to register through a stand-alone form.

It’s no wonder this practice is so common on the Internet:

  • Easy registration and access. Instead of having to fill out another form with your first name, last name, phone number or email address, you can simply click on your preferred SSO option and share these details (but perhaps others too) with the new app or website. (Above all, your password is never shared with the website – instead, your identity is verified via an authentication token.)
  • User attraction and acquisition. Online services know very well that the easier it is for you to sign up and log in, the more likely you are to do so – and come back.
  • No more password fatigue. Different websites have different password requirements; additionally, we should use a unique username and password combination every time. But with this implementation of SSO, setting up a strong password on just one of the major Internet platforms can give you access to hundreds of other websites, significantly reducing the number of passwords you need to create and memorize.
  • Better prevention of self-inflicted account compromise (in some cases). As our password lists become too long to remember, many people may keep their credentials on paper or in an Excel spreadsheet. But what happens if someone gets their hands on this list of passwords? Having to remember only your Google account password and properly securing the account can reduce the need to create and then rely on a poorly protected password list (for example, if password managers are not your thing).

So, should you always use SSO?

The answer is clear: no, there are also some disadvantages. Specifically, while SSO offers serious benefits to users, it exposes you to risks that may not become apparent until it’s too late. What are the implications?

  • All your eggs are in one basket. If your Facebook or Google credentials fall into the wrong hands, this gives cybercriminals access not only to that account, but also to all the other websites you linked to it. Which brings us to the next point…
  • Protect your primary account “like your life depended on it.” A strong password – perhaps in the form of a passphrase that mixes upper and lower case letters and numbers – can be essential to protecting your accounts and personal information. If for some reason you don’t use a password manager, you may want to consider choosing a passphrase in a format that allows you to add the website name to it – but without making the whole string too predictable.
  • Privacy issues. When you link accounts, you consent to the transmission of your personal information to the website – and, because of the ease of setup, you may be consenting to transfer more information than you think. And even though Facebook, Google, Microsoft, or Apple let you verify all your third-party connections, revoking access doesn’t also mean you’re revoking a website’s consent to use your data. Additionally, if after “deleting logins” you access the same website again and use your preferred social login, you will be allowed access as before, as if you had never revoked access.

Figure 3. Revoking Google's consent to associate your account with another website
  • User attraction and acquisition (and the implications for your digital footprint). It’s true that we’ve listed effective user acquisition as one of the benefits of SSO for apps and websites, but it can be a double-edged sword. If you end up signing up for apps or websites you never really needed, how long before you forget about them? To avoid this, make sure you keep track of all the websites you have registered with and what personal information about you they keep. For example, your credit card information may be stored on a website that you used once and forgot about. While this can happen regardless of how you sign in, the seamless nature of the “express” method may make you more likely to forget about any apps or websites you signed in to once with your Google or Facebook account.

So, SSO or not?

When combined with other security and privacy measures, social logins can save you a lot of time. But in the case of websites that store your personal information such as your full name, address, banking details or credit card numbers, it is safer and more secure to opt for a standalone account secured with a complex and unique passphrase, accompanied by two-factor authentication (2FA).

In short, consider using SSO only if you:

  • enable – and we cannot emphasize this enough – two-factor authentication (2FA) on the main account, as this will make it more difficult for anyone to impersonate you online,
  • trust the platform you are using to access the other website – trust is a fickle thing though and you should still take other precautions,
  • use payment services like PayPal or a virtual credit card as payment options for any website you accessed via SSO; this will help you avoid disclosing your bank details,
  • use your main account settings to track all the websites you linked to.
Figure 4. Managing third-party apps and SSO permissions on Google

Is there another way?

Finding a balance between easy access to all your online accounts and keeping them secure can be a challenge. Here are other ways to achieve this than through social logins:

An obvious alternative is to create a standalone account for each service and use a password manager, which can take away the headache of creating, managing and automatically filling in your login credentials. Another option is based on a disposable email address, especially for websites that you don’t really care about or don’t plan to use again. In addition, some governments have developed a unique citizen identifier which gives people online access to services offered by certain public and private organizations.

Whichever approach you choose, you’ll enjoy your online presence without much hassle (or fuss) as long as you follow general cyber hygiene practices, including avoiding giving away your credentials, using 2FA and remaining aware of your full digital footprint.
