There are so many different passwords that people need to remember these days that being able to sign up for an account without making a new one can seem like a good idea.
Both Facebook and Google give 3rd party websites the ability to authenticate an account with their services. This can seem like a great idea because you don’t have to create yet another login.
But are there any drawbacks to cloud data security?
Using your ID with Google or Facebook to access other websites and cloud services comes with its own drawbacks and risks that may outweigh the convenience.
How Does “Sign in With” Work?
When you chose Facebook or Google to set up an account for a site, the cloud service is providing login authentication and profile information.
The third-party site populates things like your email address, phone number, profile name, and profile photo directly from your Google or Facebook account.
When you want to access the third-party site, you’ll be presented the login page for the service you’ve connected (Facebook or Google).
Changes to your FB or Google profile will typically be synced with the other site.
You never have a separate username or password with the third-party site.
Why You May Want to Think Twice Before Using “Sign in With Facebook/Google”
One Password Breach Can Unlock Multiple Accounts
One of the biggest dangers of using your FB or Google account to sign in with other sites is that if that account is breached, all the connected accounts are at risk.
Using unique passwords for every login you have is one of the best practices of good password security for a reason. If accounts don’t share the same username and password, then you don’t risk several accounts being compromised should one password get hacked.
In a study of corporate social media accounts, it was found that companies experience an average of nearly 30 attempts to breach their social media accounts per year. An average of 4 credential compromises occurs each year per high-level staff.
It’s not hard for a hacker to find out what other accounts they can hack after gaining access to your Facebook or Google account. All they need to do is look in the account settings for a list.
Outages Can Leave You Locked Out of Multiple Sites
You create a “single point of failure” when you tie multiple accounts to your Facebook or Google account. Should the main account provider have an outage, you won’t be able to authenticate with those 3rd party sites.
Early in October, Facebook was down for nearly 6 hours, leaving millions without the ability to access its services because it was cut off from the internet by a network malfunction.
Those users that also used Facebook to create accounts with other sites, were kept from being able to authenticate and login to those sites as well.
You’re Sharing a Lot of Personal Data
Privacy has become a main concern in the internet age. Not all companies handle data responsibly, and even if they seem to have good privacy policies, they can get hacked.
So, the less data you share between sites, the better. The more data that can be gathered on you and your online habits, the easier it is to target you with ads and phishing campaigns.
When you connect your Google or Facebook account with a third-party site, there may be more information shared between the sites than you realise.
A few examples:
- Uber will look at your Google Wallet and use that for fare payments when signing in with Google on the site.
- Trip Advisor will commandeer your friend’s list when you sign in with Facebook for the purpose of showing you where they’ve traveled or reviews that they’ve posted.
- Other apps, like Doodle, will read the contents of your Google calendar when connecting the two sites.
You May Have Less Ability to Edit Profile Details
If you sign up for Zoom with your Google account, it automatically imports your photo. It’s very hard to disconnect that profile picture from your Google profile should you want a different photo showing during Zoom calls.
When you connect to an existing profile with Google or Facebook, the 3rd party site is using those details for your account on its service. Should you want to use a different email address, address, phone, or other profile information than what is on Google or Facebook, it can be impossible or difficult to do.
Get Help With Online Privacy & Password Solutions
Connected Platforms can help your Brisbane area business improve your password security and online privacy to ensure you’re following best practices to protect your data.
Contact us for a free consultation. Call (07) 3062 6932 or book a coffee meeting online.