Are social logins safe to use?
Posted by Security on
used with permission from Norton by Symantec
By now you’ve noticed you typically have two options to log in to an online account. One is the traditional username and password combination. The other is the social login, which uses your credentials for a social networking account, such as Facebook, Google+, or Twitter.
Until recently the login method you prefer might have hinged on convenience. However, you may want to consider security and privacy before you click that “Log in with Facebook” button again.
Benefits of social logins
One of the biggest reasons people leave a website is because they are asked to create an account in order to proceed. With the number of online accounts people have, it’s no wonder the thought of creating another username and password combo makes people consider getting off the grid. That’s where social logins come into play.
Most people, especially Millennials, are comfortable living their lives online. And since many people are logged into a social account 24×7, using their social logins is convenient and makes life easier, at least at first glance. However, basic security standards and information privacy should be considered.
Facebook login privacy
Given the nature of Facebook as a platform for users to share details of their lives, people don’t often think of the words “Facebook” and “privacy” together. However, the world’s largest social media site does not require you to share personal information when you use a third-party application that asks for your social login.
Since April 2014, Facebook has let people decide what information to share, if any, when installing and running third-party apps. Anonymous Login logs people in to apps so they don’t have to remember usernames and passwords, but it doesn’t share personal information from Facebook. People can decide later if they want to share any additional information, once they understand more about the app.
The Facebook Login, on the other hand, offers line-by-line control. According to Facebook, “People can select the data an app gets by unchecking categories of information, one by one.”
The risks of social logins
Although Facebook may protect its users’ privacy in these ways, staying logged into Facebook or any other social media account may open you up to dangers that those social companies can’t protect you from.
One very basic rule of Internet security is to log out of accounts when you’re not actively using them. But in order to use social logins for convenience by not having to enter a username and password, you must be logged in to your social account. True, you may be saving yourself time and storage space in your memory bank by just remembering this one combination; however, having one username-password combo that provides access to your entire digital life is something to be concerned about.
What happens, say, if you’re logged into your favorite social networking site and then misplace your phone? As if that wasn’t tragic enough, you also haven’t activated the automatic-lock feature on your now-missing phone. Guess what? Whoever finds your phone can access your accounts on any of the apps or sites you use regularly.
“Aha,” you say, “but if I’ve logged out on my phone, my info is safe!” Wrong. If you’re logged into the social account on any platform (your tablet, your laptop), the social login will still work.
How to use social logins smartly
If you still decide to use social logins, here are some steps to take to protect yourself:
- Log out of any idle accounts. It’s still the best way to prevent somebody else from easily accessing your private accounts.
- Make sure to lock your devices with passwords or passcodes, too.
- Create a complex password for the social account that you use to log in to your other accounts. Since this password provides entry to other accounts, you want to make it as hard to crack as you can. This means it should be at least eight characters long, with a combination of upper- and lowercase letters and symbols.
- If you’re using social logins because you don’t want to remember a plethora of passwords, be sure to change that password frequently. To help you remember to do this, get into the habit of updating it on the first day of every month.
- Use two-factor authentication (2FA) or multi-factor authentication (MFA) whenever it’s offered. This will add additional levels of security for your account. By using 2FA or MFA, you’ll use something you know (password), something you have (your device), and something you “are” (voice or fingerprint) to unlock access to your social account. An offline example is when you use your debit card at an ATM. Your card is something you have, and your PIN is something you know. These two types of information, used in combination, authenticate you as the correct user to access your bank account.