Most people agree that there are just too many passwords to keep up with these days. It’s estimated that the average person now has 100 passwords to manage between their various personal and work accounts and apps.
This has led to cybersecurity issues when users use weak passwords and/or use the same password across multiple accounts.
With so many companies moving to mainly cloud workflows since the pandemic, that means more data is stored behind employee logins in cloud applications, which has led to a rise in credential theft. This has been fueled largely by phishing attacks.
In 2020, there was a 630% rise in attacks on cloud accounts.
Being faced with having to create another password when signing up for an account with a new website or cloud service, many users will opt for the “Login with Facebook (Google, Apple)” option if they see it.
This option allows users to use their existing account with one of those services to create a new account and authenticate on a 3rd party site.
When you sign into the site, you will actually be served up the login form for the main service you used (Facebook, Google, Apple, etc.), and that website will authenticate to the third-party site that you’re a legitimate user.
This may seem like a great solution for reducing the number of new passwords you need to create, but it comes with some major drawbacks.
Why It’s Not a Good Idea to Use “Login with…” To Set Up New Accounts
Outages Can Impact Any Connected Sites
In early October, millions of Facebook users were shocked to find out the site was down, along with Facebook’s other properties, WhatsApp and Instagram.
The company had a severe outage that lasted nearly six hours during the middle of the day. This not only inconvenienced all those Facebook users wanting to keep up with their connections, it also impacted companies that rely on those social media services for selling their projects.
When you connect 3rd party accounts to your Facebook, Google, or Apple login, you create a “single point of failure” should an outage occur. If the main service, like Facebook, goes down, that means that you can’t authenticate the login on those 3rd party sites, and you are essentially locked out.
One Password Breach Can Impact Multiple Accounts
A golden rule of good password practices is not to use the same password for more than one account. You break that rule when you use the “Login with…” option.
Now, multiple sites may be relying on your Google or Facebook ID to authenticate, and if it’s compromised so are all those 3rd party sites by default.
Once a hacker breaks into a user account on a major site like Apple, Google, or Facebook, all they need to do is look in your settings for the connected apps. This gives them a list of other sites and applications they can gain access to.
While you may not have any credit card details stored in the main account that the hacker breaches, you might have them in a connected account that the hacker now also can breach.
Your Data Privacy Can Be Compromised
Sites that you connect to your Google, Facebook, or Apple account can get all types of data from those accounts. For example, if you use Google to sign up with Uber, your Google wallet can be shared. Using Facebook to sign up with Trip Advisor can share your Friends list with the site.
Some of the dangers of connecting a 3rd party site using “Login with…” include:
- You can be sharing more data than you realize with the 3rd party site
- The 3rd party site might not have as stringent data security as the site you’re using for login authentication
- Once data is shared, there is no getting it back
Sites May Not Always Have the Ability to Sign-in With Facebook, Google, or Apple
The site you are using with your Apple, Google, or Facebook ID might not always meet that site’s requirements to use that login process. If they lose that capability in the future, this could leave you without the ability to access your account.
If the site doesn’t offer data migration to a new account or any way to change your login to a traditional one, you could end up losing access to any data you stored in the app or website account.
Need Help Taming All Your Passwords?
Password breach has become the #1 cause of data breaches. It’s time to get a handle on how you manage them. Connect2Geek can help your Treasure Valley area business with effective password security solutions to keep your online accounts secure.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.