Do you need to sign in with Google or Facebook on other websites?


Why use and monitor a zillion discrete accounts when you can log into dozens of apps and websites with your Facebook or Google credentials, right? Not so fast. What is the trade-off?

One login to rule them all: Do you need to sign in with Google or Facebook on other websites?

“Continue with Google” – such a neat way to sign up and log in to a website or app, especially since you’re probably already logged in to your Google account. All you have to do is tap or click the button and allow some of your personal data from your Google account to be shared with the third-party online service.

Because convenience is often the name of the game these days, many sites allow you to log in with your Facebook, Google, Microsoft, LinkedIn, Apple or other major tech company account. Usually there is no shortage of options to choose from to satisfy all preferences.

Figure 1. Example of SSO options for logging in or creating an account
Figure 2. Additional SSO options

On the other hand, if you link your Google login to another service, you allow Google to share your personal information in exchange for ease of access and convenience. How safe is that?

To help you strike a balance between security and convenience, we’ve compiled the pros and cons of using a consumer authentication method called Single Sign-On (SSO), also known as social login, for your personal online accounts.

One login rules them all!

First of all, what exactly is SSO? It is an authentication method that allows an organization to gain authorized access to your personal information while enabling you to sign up and log in to its services, instead of requiring you to register through a standalone form.

No wonder this practice is so common all over the internet:

  • Ease of registration and access. Instead of bothering to fill out another form with your first name, last name, phone number or email address, you can click on your preferred SSO option and share those (and possibly other) details with a new app or website. (The important thing is that your password is never shared with the website – instead, your identity is verified by an authentication token.)
  • Attraction and user acquisition. Online services know all too well that the easier it is for you to sign up and sign in, the more likely you are to do it – and come back again.
  • No more password fatigue. Different websites have different password requirements; additionally, we must use a unique username and password combination each time. But thanks to SSO, setting up a strong password on just one of the major internet platforms can give you access to hundreds of other websites, greatly reducing the number of passwords you need to create and memorize.
  • Better control of self-inflicted account compromises (in some cases). Because our lists of passwords may be too extensive to remember, many people keep track of their credentials on paper or in an Excel spreadsheet. But what if someone gets their hands on this password list? Simply remembering the password for your Google account and securing the account properly can reduce the need to create, and then depend on, a poorly protected list of passwords (for example, if password managers are not your thing).
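The "authentication token" mentioned in the first point can be shown in a few lines. The sketch below is an added example, not code from the article or from any provider: it uses a shared HMAC key so it runs offline (real providers typically sign with an asymmetric key that the website fetches), and `PROVIDER_KEY`, `ISSUER`, `CLIENT_ID` and the sample claims are constructed values.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example; none of them come from the article.
PROVIDER_KEY = b"constructed-demo-signing-key"
ISSUER = "https://idp.example"
CLIENT_ID = "shop.example-client-id"

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key=PROVIDER_KEY):
    """Provider side: called only after the user has signed in at the provider."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_token(token, now=None):
    """Website side: return the claims only if every check passes."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected algorithm")
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(PROVIDER_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:  # token minted for some other site
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def demo_claims(now):
    """Constructed sample of what the website learns: an ID and an email, no password."""
    return {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1234",
            "email": "alice@example.com", "exp": now + 300}
```

The website only ever sees the signed claims, so whoever can sign in at the provider gets a token that passes every check here; that is why the provider account is the one to protect with 2FA.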

So, should you always use SSO?

The answer is clear: no, there are also some downsides. More specifically, while SSO delivers some serious benefits to the user, it opens you up to risks that may not reveal themselves until it’s too late. What are some of the implications?

  • All your eggs are in one basket. If your Facebook or Google credentials fall into the wrong hands, this not only gives cybercriminals access to that one account of yours, but also to all the other websites you have linked to it. Which brings us to the next point…
  • Guard your primary account “like your life depends on it”. A strong password – perhaps in the form of a passphrase consisting of a sentence that mixes upper and lower case letters and numbers – can be key to protecting your accounts and personal details. If for some reason you don’t use a password manager, maybe consider choosing a passphrase in a format that allows you to add the name of the website to it – but without the whole string being predictable.
  • Privacy concerns. When you link accounts, you allow your personal information to be transmitted to the website – and, given how easy it is to set up, you may be agreeing to the transfer of more information than you realize. And while Facebook, Google, Microsoft, or Apple allow you to check all your third-party connections, revoking access doesn’t mean you’re also revoking a website’s permission to use your data. Also, if, after “removing connections”, you go to the same website again and use your preferred social login, you will be logged in as before – as if you had not revoked access.

Figure 3. Revoking permission for Google to link your account to another website
  • User attraction and acquisition (and the implications for your digital footprint). True, we list effective user acquisition as one of SSO’s advantages for apps and websites, but it can be a double-edged sword. If you sign up for apps or websites you don’t really need, how long will it take you to forget about them? To help combat that, be sure to keep track of all the websites you register with and what personal information about you they store – for example, your credit card information may be stored on a website you used once and forgot about. While this may happen regardless of how you log in, the hassle-free nature of the “express” method may make it easier for you to forget all the apps or websites you previously signed in to with your Google or Facebook account.

So, to SSO or not to SSO?

When combined with other safety and privacy measures, social logins can be a great time saver. But in the case of websites that hold your personal information such as your full name, address, bank details, or credit card numbers, it is safer and more secure to choose a standalone account secured by a complex and unique passphrase, with two-factor authentication (2FA).

In short, consider using SSO if you:

  • enable – and we can’t stress this enough – two-factor authentication (2FA) on the main account, as this will make it difficult for anyone to impersonate you online,
  • trust the platform you use to access another website – trust is a volatile thing, however, and you still need to take other precautions,
  • use payment services such as PayPal or a virtual credit card as payment options for any website you access using SSO; this will help you avoid leaking your bank details,
  • use your main account’s settings to track all the websites you’ve linked to it.
Figure 4. Manage third-party apps and Google SSO permissions

Is there another way?

Balancing easy access to all your online accounts with keeping them secure can be a challenge. Here are some ways to do this other than through social logins:

An obvious alternative involves creating a standalone account for each service and using a password manager that eliminates the headache of creating, managing and filling in your login credentials. Another option is relying on a disposable email address, especially for websites you don’t care about or don’t plan to use again. In addition, some governments have created a unique citizen ID which gives people online access to services offered by some public and private organizations.

Whichever method you choose, you can enjoy your online presence without too much trouble (or haste) as long as you stick to general cyber-hygiene practices, including not giving out your credentials, using 2FA and staying aware of your entire digital footprint.
