Security and Privacy Risks when using Social Logins
February 17, 2020 / Knowledge

When signing up for a new account, there’s always the temptation to log in as quickly and easily as possible. To do so, we fall into the trap of reusing passwords, saving our login details in a browser, or, most commonly, pressing those social sign-up buttons: “Log in with Facebook”, “Log in with Google”, etc.

The latter trap deserves a separate discussion because its risks are little known. Having chosen a transparent, honest and reliable way of communicating with users about cyber security, we feel it necessary to guide you through social logins and their risks.

Traditional login

For a long time, the main type of login was the traditional login: a combination of a username, phone number or email address and a password used to sign in to an account.

Social login

Social logins (or social sign-ins), on the other hand, replace traditional logins. They log a user in to a third-party website by using the user’s existing information from a social network such as Facebook, Google, Twitter, Instagram, etc.

How does social login work?

Behind each social login, there’s usually OAuth-based authentication doing its job. In a nutshell, this protocol transfers information from a social network to a third-party app, which identifies the user and unlocks the entrance to it.

When signing up, each user gives consent to share their data with a third-party website. But… who reads it?
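To make that consent concrete, the following added example (not part of the original article) parses the authorization request a social login button sends and lists which user attributes the requested scopes release. The provider `idp.example`, the client `quiz-app-123` and the scope `friends_list` are constructed for illustration; the scope-to-claim mapping is the standard one from OpenID Connect, the identity layer commonly used on top of OAuth.

```python
from urllib.parse import urlsplit, parse_qs

# Claims released by each standard OpenID Connect scope (OIDC Core, section 5.4).
OIDC_SCOPE_CLAIMS = {
    "openid": ["sub"],
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}


def review_consent(authorization_url):
    """Summarise what a 'Log in with ...' request asks the provider to share."""
    parts = urlsplit(authorization_url)
    params = parse_qs(parts.query)
    # OAuth 2.0 sends the requested scopes as one space-delimited string.
    scopes = params.get("scope", [""])[0].split()
    claims, unrecognised = [], []
    for scope in scopes:
        if scope in OIDC_SCOPE_CLAIMS:
            claims.extend(OIDC_SCOPE_CLAIMS[scope])
        else:
            # Provider-specific scope: read the consent screen to see what it grants.
            unrecognised.append(scope)
    return {
        "provider": parts.hostname,
        "client_id": params.get("client_id", [None])[0],
        "returns_to": urlsplit(params.get("redirect_uri", [""])[0]).hostname,
        "claims": claims,
        # Everything other than "openid" is data beyond a bare sign-in identifier.
        "beyond_sign_in": [s for s in scopes if s != "openid"],
        "unrecognised": unrecognised,
    }


# Constructed sample request; provider, client and "friends_list" are hypothetical.
SAMPLE = (
    "https://idp.example/authorize?response_type=code&client_id=quiz-app-123"
    "&redirect_uri=https%3A%2F%2Fquiz.example%2Fcallback"
    "&scope=openid%20email%20phone%20friends_list&state=af0ifjsldkj"
)

if __name__ == "__main__":
    for key, value in review_consent(SAMPLE).items():
        print(f"{key}: {value}")
```
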

Why do users prefer social logins?

According to statistics, 90% of users prefer social login over the traditional login for a few reasons:

  • Quick registration process

    As there’s no need to think about either a unique username and password or safe password storage, the login process becomes very convenient – quick and simple.

  • Fewer passwords to remember

    Each account with a traditional login requires creating a separate username and password. How many times have you forgotten your login details and pressed the “Forgot password” button? Social logins solve this issue.

Major dangers of social sign-ins

However, user convenience has its cost. That’s where real risks and dangers come in.

Privacy issues

When a user registers on a website via social login, his profile data and personal preferences are shared between the social network and the third-party website.

Shared data might include tracking of the user’s behavior, with this data then used for personalized ads and customized content (as in the Cambridge Analytica issue). Thus, social logins also raise serious questions about the security of data and safe password storage.

Check which platforms have access to your Facebook account and what data they collect. You may be surprised what personal details you’re sharing. Better late than never, but you have a right to change these settings.

Security

A user gives his personal data to social networks and third-party websites and, in doing so, loses control over it. Accordingly, if one of the parties gets hacked, login and personal data on all the websites that had access become vulnerable as well. And what about those random popular personality quizzes? You can never be sure where the information collected about you is stored, whether and to whom it is sold, and how it is used (even against you).

After all, since even massive social networks such as Facebook, Twitter and Google occasionally get hacked, blind trust can lead to outcomes costing millions, or at least to serious risks for all your connected accounts and personal data.

Understanding the risks is the first step towards your data safety and privacy.

So, is there another way to log in to a website easily and quickly without facing the dangers that social logins might bring?

Alternatives for convenient and safe password storage

There is one.

When signing up to a new website, resist the temptation to use a social login.

Instead, generate a new strong password and store it in a password manager, which offers reliable and safe password storage. The next time you want to log in to a website, autofill your login details with a click.

Now how does this strategy win over social logins?

Within only a few clicks you will:

  • have strong, secure, randomly generated passwords which will protect you from data breaches;
  • secure your personal data by not letting third-party apps share it with social networks (and reuse it in personalized content);
  • store your passwords in a place designed for safe password storage, and have full control over your data;
  • enjoy your complete privacy.

Ready to take your privacy and data security to the next level? There are two simple things you can do right away.

Scan through your privacy and data sharing settings in Google, Facebook, Twitter or other social networks you use and make some changes! In addition, check your activity on Google. Here you can see (and delete!) all the information Google stores about your actions online.

And finally, create an account with a reliable password manager and from now on take control of your sensitive data. In the end, you are the one it belongs to.