If you’re looking to create a new account on a website, you probably have the option of using your existing Facebook, Google, or other account as your login. This method is commonly known as single sign-on (SSO). Facebook and Google are the most common options, but some services also accept Apple, Twitter, and LinkedIn accounts.
The question is, should I use one of my existing accounts to log into this new site, or should I go to the trouble of creating a new account with my email address?
The single sign-on method lets you sign up for new services very quickly. However, you have no control over the information shared when your account is activated. Your social media credentials will likely provide your email address, name, profile picture, etc. to the app, and the app may have access to personal information such as your date of birth and phone number. Ultimately, what gets shared depends on the policies of both the account you already have and the account you sign up for. The app should also provide text clarifying what is being shared during the signup process.
To work out the details, I enlisted the help of cybersecurity experts Paul Bischoff and Dan Fritcher to explain how SSO technology works. This article also explains how Google, Facebook, Apple, and Twitter deal with third parties who access your data through them.
Single Sign-On Benefits
The main selling points of SSO are time savings and convenience. You skip the tedious registration process of filling out forms and fields, since that information is likely to come from your social media account. It also reduces the hassle of keeping track of usernames and passwords, and which passwords match which accounts. After registering multiple accounts, this can seem like an almost impossible task. An existing account acts as a key to access various services. Third parties can collect data from this transaction, but they cannot see your social media passwords.
“On the whole, registering with social logins is no more secure than simply registering with an email and password,” Paul Bischoff, data protection specialist at Comparitech, said in an email. “Small apps and websites are likely to be less secure than larger social networks, so prioritizing social logins and not having to provide passwords and email addresses is a more secure option. However, developers have also been known to abuse social login credentials (see Cambridge Analytica).”
Some apps use linked accounts to provide useful features, and files can also be imported. For example, Dropbox lets you send photos directly from Facebook to its cloud storage. Productivity suites like Zoom and Slack can also sync with Google Calendar. However, you don’t necessarily have to use single sign-on to take advantage of these features.
Single Sign-On Drawbacks
The downsides of SSO are all a matter of personal preference and security. This method limits your control over what is shared during registration. As mentioned earlier, apps may be allowed to scrape your name, photo, and contact information, but no matter which method you use, you will likely enter a lot of this information when you sign up. In some cases, new apps will be able to access more personal information, such as your age, location, and interests. These details may be used to serve personalized advertising or sold to data collection companies.
SSO may also pose more cybersecurity risks than regular registration. If a hacker obtains your social media login information through phishing or password leaks, they may be able to freely manipulate other accounts registered with that information. Being locked out of your account also blocks access to the websites that use it for single sign-on. Additionally, if there is a service outage on Facebook or Google, SSO functionality for that service may temporarily fail.
Facebook’s Data Sharing Policy
Like other services, Facebook will provide a name, email address and profile picture once a single sign-on is initiated. However, Facebook may also provide third parties with access to information flagged under the umbrella of ‘Public Profiles’. This basically includes all information available on your profile page, including your age, gender, date of birth, relationship status, family information, hobbies, and other personal information such as devices used. It can even reveal your hometown, work history, education, religion, political leanings, and more.
Facebook collects a large amount of data, and as recent scandals and lawsuits have shown, it is willing to share this data with third parties. You can mark information as private using the available options.
Google will share at least a user’s name, email address and profile picture with third parties during the single sign-on process. Some apps may also try to retrieve files, photos, messages, or calendar events stored in Google Drive. However, to access them, the app must explicitly request these permissions.
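The difference between the basic profile share and the extra permissions an app must explicitly request shows up in the `scope` parameter of the sign-in URL. The following is an added example, not part of the original article: it parses a constructed Google authorization URL and separates baseline scopes from those reaching Drive files, photos, messages or calendar events. The label mapping, the `audit_consent_url` name, and the sample client ID and redirect URI are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes covering only what the article calls the minimum share:
# name, email address and profile picture.
BASELINE = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

# Prefixes of Google scopes that reach the extra data the article lists
# (labels are this example's own, chosen for illustration).
SENSITIVE_PREFIXES = {
    "https://www.googleapis.com/auth/drive": "Drive files",
    "https://www.googleapis.com/auth/photoslibrary": "photos",
    "https://www.googleapis.com/auth/gmail": "messages",
    "https://mail.google.com/": "messages",
    "https://www.googleapis.com/auth/calendar": "calendar events",
}

def audit_consent_url(url):
    """Split the scopes in an authorization URL into baseline, sensitive, unknown."""
    query = parse_qs(urlsplit(url).query)
    # OAuth 2.0 carries scopes as one space-delimited parameter.
    scopes = " ".join(query.get("scope", [])).split()
    report = {"baseline": [], "sensitive": {}, "unknown": []}
    for scope in scopes:
        if scope in BASELINE:
            report["baseline"].append(scope)
            continue
        label = next((what for prefix, what in SENSITIVE_PREFIXES.items()
                      if scope.startswith(prefix)), None)
        if label:
            report["sensitive"].setdefault(label, []).append(scope)
        else:
            report["unknown"].append(scope)  # review by hand
    return report

# Constructed sample: client_id and redirect_uri are placeholders.
SAMPLE_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example%2Fcb"
    "&scope=openid%20email%20profile"
    "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly"
    "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.events"
)

if __name__ == "__main__":
    for label, scopes in audit_consent_url(SAMPLE_URL)["sensitive"].items():
        print(f"extra access requested: {label}: {scopes}")
```

Anything reported under `sensitive` or `unknown` goes beyond name, email address and profile picture and is worth checking against the consent screen before approving.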
Apps registered through Twitter are granted read access. This includes your screen name, profile picture, bio, general location, preferred language, and time zone. The app can also view your tweet analytics, followers, and mute and block lists. Twitter, on the other hand, does not share your email address when you register unless specifically requested.
Apple’s SSO process differs from the rest. Once registration is initiated, your name and email will be shared with third-party apps. However, users can edit their names before submitting them. You can also hide your email address. Apple will then generate a dummy address and automatically forward mail to your account. Forwarding can also be disabled in the future if necessary to prevent spam. Two-factor authentication is also a requirement for signing in to Apple. According to the company, no data is collected about interactions with the app.
What to Do About SSO
When using single sign-on, be aware of the information that is transferred. When presented with a choice of companies, choose the service that shares the least amount of data.
Apple seems to be one of the best when it comes to SSO, based on what information is shared and what the user has control over. You can create an Apple account without having an Apple device.
Or, as Bischoff prefers, you can choose Twitter. “Compared to other networks where I store a lot of personal information and data, almost everything related to my Twitter account is public, so if I log into Twitter, the app doesn’t have that much data to collect,” he says. However, not all apps offer every sign-in option.
To improve your social media security, you should also enable two-factor authentication, which generates a temporary passcode that is sent to your personal email address or phone number. This is one of the quickest and most effective ways to prevent unwanted online access, and has the added benefit of securing your single sign-on account. It’s safest to create unique passwords for each service you use, and an encrypted password manager helps keep track of them all.