Compromised credentials have now become the main cause of data breaches globally. They’re responsible for an average of 20% of all data breaches, with an average cost per breach of $4.37 million.
One of the reasons for the rise in password compromise is because users have so many passwords to juggle that they often fall into poor password habits, such as creating weak passwords and reusing the same password across several logins.
One way to eliminate the need to create yet another password when signing up for a new cloud service or website is to use the “Sign-in with Facebook (or Google)” option.
Using this option to create a new account with your Facebook or Google ID can seem like a great idea because you can skip the whole process of creating another password. But it doesn’t come without risk to your data security.
We’ll go through the pros and cons of using FB or Google to create an account with a third-party site so you can decide whether or not this is a good option for you.
Pros of Using “Sign-in With”
One Less Password to Keep Up With
The biggest benefit of using FB or Google to create another account is that you don’t have to make another password. The third-party site uses your credential authentication with Google or Facebook to log you in and confirm you are who you say you are.
That’s one or more fewer passwords to remember. When logging into the third-party site, you’re simply served up the login form for Google or FB and then redirected to your account once you log in.
You Can Sign Up Faster
Because your information is being used from your Google or FB account, you can often sign up with a new site or cloud service faster using the “sign-in with” method.
Instead of having to fill out all those details, they’re populated for you automatically from your Facebook or Google profile.
Profile Details are Synced
Your profile details from FB or Google are synced with the new account, which gives you a consistent online profile (photo, name, email, etc.). If you want to update your profile photo, you can simply do it on the main account (Facebook or Google) and it will generally automatically update across the accounts you’ve connected to that login.
Cons of Using “Sign-in With”
One Password Breach Can Impact Multiple Accounts
You’re tying account access for several accounts to a single account when you use the “sign-in with” option. If your Facebook account is hacked, then the hacker can also sign in to all the third-party sites you’ve attached to that account.
Hackers won’t have to go looking for this information either. It’s there in your Google or Facebook account settings, providing a handy list of other accounts of yours they now can access.
Downtime Can Mean Being Locked Out of Connected Sites
If Facebook or Google goes down, then you not only lose access to that account, you also lose access to any other accounts you connected to that ID. While the third-party site may not be down, if Facebook or Google is offline, then the authentication process used with that ID is also offline. This means you can’t authenticate to sign in to your account.
This isn’t just a “maybe,” either. Big sites like Facebook and Google can go down. This happened in early October for Facebook. The site, as well as its other sites Instagram and WhatsApp, were down for nearly six hours due to a network issue.
Anyone that used Facebook to set up accounts with other third-party cloud services was also locked out of those during the outage.
A Lot of Personal Account Data Can Be Shared
Once you share personal data online, there is no getting it back. It’s like trying to get toothpaste back in the tube. When you use your FB or Google account to authenticate on other sites, you’ll be asked to allow sharing of certain data.
This may seem fine at first if you’re only being asked to share your email address and profile details. But as time goes on, you’ll often get prompts from those third-party sites to share more data to “enhance your experience” in some way.
Here are some examples of the types of data a third-party app will source from a connected account:
- Uber taps into your Google Wallet payment information
- Trip Advisor looks at your FB friends list to find travel and review-related information
- Doodle accesses your Google Calendar
Need Help With Password Management & Security?
Unity IT can help your Fresno area business reduce the risk of a cloud account breach with strong password management and security solutions.
Contact us today to schedule a technology consultation at 559-297-1007 or reach out online.