What’s the Downside of Logging Into Other Sites With My Facebook or Google Account?
The average person has 100 passwords to keep up with. We use passwords for everything from all our work applications to our online banking, and even websites we visit just for fun.
Keeping track of all those passwords has become a problem for online security, with people using passwords that are too weak and using the same password across multiple logins.
One way that users can reduce the number of passwords they have to remember is the “Login With Facebook” (or Google) option. This allows you to create a new account and access a site with your Google or Facebook login ID.
When you are accessing a site using this method, you’ll be served up a login form that is actually that of Facebook or Google. And if you’re already logged in, then it’s even easier, you often don’t have to reenter your details.
While this may be convenient, is it secure?
There are some serious drawbacks to using the “login with” method that make it not such a great option.
Why You Want to Rethink Using Login with Google or Facebook
You’re Sharing a Lot of Account Data
When you connect another online account with your Facebook or Google account, you’re giving that website or app a lot of access to your personal data.
It can access more information than just your login authentication. This includes everything from your birthdate on Facebook to your Google wallet with payment details.
For example, according to CBS News, here are some of the common information sharing activities that happen when using the “login with” option:
- Facebook Friends List: Trip Advisor will access your Facebook friends list when you sign in with Facebook in order to show you places they’ve traveled and sites they’ve reviewed.
- Google Wallet: When using your Google account to access Uber, you may be providing access to your payment details in Google Wallet, which is used for your ride payments in the app.
- Calendar: Scheduling or task apps like Doodle will access your Google calendar to pull appointment information.
While you should get a prompt when authorizing the site to connect with your Google or Facebook account, many users just bypass that without really understanding it. You may end up sharing more information than you like and compromising the security of those you’re connected with on Facebook.
Facebook or Google Outages Will Have Larger Impacts
We’ve all seen how widespread a long-term outage at a major cloud service site can be. In early October, Facebook had a major outage and was down for almost six hours. This wasn’t due to a hack; it was because of an internal network issue that basically cut Facebook’s data centers off from the internet.
Users that use “login with Facebook” found that their login authentication for other sites was also down, meaning they were locked out of more than just Facebook itself. Because the site was down it could not complete the authentication needed for access to the connected sites.
So, the more accounts you attach to a service like Google or Facebook, the higher chance you’ll have of being unable to access several sites instead of just the service that’s down.
One Account Breach, Means Multiple Account Breaches
Facebook account hacks are all too common. Most of us have seen a post by a friend or family member on the site at one time or another warning that their account has been hacked.
Social phishing is on the rise and one of the targets is a user’s Facebook login details. If a hacker breaches your Facebook account, then they’ve also breached all the accounts you have connected to your FB login by default.
All the criminal needs to do is access your account settings, and they can view the accounts that you have connected to Facebook. From there, they can go to the sites and click the “login with Facebook” option to gain access.
One of the password best practices is to use unique passwords for every account that you have. Using the login with Google or Facebook option violates that best practice and makes all your connected accounts less secure.
What Should You Do Instead to Manage Passwords?
It’s more secure to use a password manager to manage all your various passwords. This is an encrypted “vault” that will store passwords securely and provide unique and strong password suggestions for all your accounts.
It works in an app as well as a browser to make filling in passwords simple. Users only need to remember a single password to unlock the others.
Need Help With Online Security & Access Management?
Quantum PC Services can help your Sturgeon Bay business with smart access management solutions designed to improve password security without slowing your users down.
Contact us today to learn more! Call 920-256-1214 or reach us online.
