Having to remember multiple passwords for just about everything we do online has become a common part of life. Most people end up going through a password reset regularly when they forget one of those many passwords.
With an average of 100 passwords to juggle, anything you can do to reduce the number of logins you use can sound like a good idea. For example, the “Login with Google (Facebook, Apple, etc.)” can seem like a great way to reduce the burden of passwords and get into accounts more easily.
When you use the “login with” option, the site you are creating an account with connects to Facebook or another major site and uses those login credentials for your access to its site.
For example, if you sign in using your Google ID, then when accessing that website, you actually get served up the Google login page. When you authenticate there, the site uses those credentials (username/password) to create your account.
If you’re already signed into Google, then you may automatically get logged into the other site, without needing to sign in again at all.
It sounds like a great solution to creating even more passwords, right? But using the “login with” option can actually put your data security at risk and cause other unexpected consequences.
An Outage Locks You Out of Multiple Sites
Facebook when down for nearly six hours in early October. This caused a major stir across the internet because about 1.9 billion people use Facebook each day.
But for those people that used their Facebook account to sign up for accounts with other apps and websites, they were not only locked out of Facebook. Because the FB authentication process was down along with the site, any other websites using that process could also not authenticate the user. Thus, users were additionally unable to access those connected accounts.
You run the risk of one major outage impacting many of the sites you use if you connect those sites to your login ID with Apple, Facebook, or Google.
Your Personal Information Can Be Accessed
You may be surprised at all the personal information being shared by sites like Google and Facebook with other sites you’re connecting to that login ID.
For example, using Facebook to log in to Trip Advisor can share your “friends” list to show you sites they’ve reviewed. Signing into Uber with your Google ID shares the payment information in your Google Wallet.
Large cloud services like Apple and Google store a lot of information on users. This includes calendars and the events on them, shopping habits, payment data, and more. If you connect other websites to all that data, there is no telling how it could be used.
Most users just page on by the prompt or link that explains data sharing during the initial “login with” process. This could leave you at a much bigger risk of identity theft or a targeted phishing attack.
You Risk One Account Breach Turning into Several
One of the biggest downsides of using your Facebook, Apple, or Google account to log into another website is that you’ve just broken one of the golden rules of password security. That rule is to create unique logins for every online account or app that you use.
Once a hacker breaches your Facebook or Google account, all they need to do is look in your settings to see what other apps have access to your account. They can then easily go to any of those sites and sign in as you.
This reason alone makes it very risky to connect other sites to your login authentication of Facebook, Google, or Apple. While you may think “Well, I don’t have any payment data stored in my Google account so there’s less risk,” you might have payment details stored in connected accounts, such as eBay.
The Third-Party Site Might Lose Access
If a smaller third-party site violates any agreements that Facebook, Google, or Apple require for the connection process, then they could end up losing that capability.
Or the major cloud service may decide to change its “login with” rules, and some sites are unable to meet the new requirements.
In this case, you could be inconveniently locked out of that account or have to start a new one and lose all your stored data.
When creating new online accounts, it’s best not to make them dependent upon authentication through another application. When you do that, it creates a “single point of failure” scenario, when one problem with one site could end up impacting many of your other accounts.
Get Help Optimizing Your Company’s Authentication Process
Are passwords and user authentication a growing security problem? Texas I.T. Pros can help your Denton or Wise County business use effective methods that keep your accounts more secure and are convenient for users.
Contact us today to learn more! Call 940-239-6500 or reach out online.