Social Sign-on: Sure, it’s convenient. But is it really safe?
Remembering passwords is always a hassle, especially when you have innumerable websites that require logging in to view or interact with their content. To make the process simpler (as little as a couple of clicks), webmasters worldwide have accepted and implemented social logins on their websites.
Social Sign-on: Sure, it’s convenient. But is it really safe?
So, what exactly is social login? How different is it compared to the traditional method of inputting your credentials such as username, email address and password manually? More importantly, is it safe enough for use on all kinds of browsing activities?
In this article, we answer all the above questions and more, helping you understand what social sign-on is, and what the disadvantages of this convenient method are.
The history of social logins
Social sign-on as a method of hassle-free authentication has been around for over a decade now. Back in the nascent days of the modern internet in 2008, Facebook launched Facebook Connect, a service aimed at simplifying registrations on websites.
Once webmasters enabled FB Connect on their websites, visitors to the site would no longer need to fill up lengthy registration forms to sign up for the website’s offerings.
All they needed to do was connect their existing Facebook account to the website, enabling direct access to the site with a click of a button.
In 2009 and 2010, Twitter and LinkedIn respectively enabled their users to socially login to other sites using their existing social network credentials.
Google+ followed suit in 2011, and although no longer active as Google+, it still supports social sign-on using a Google account.
While it all sounds very convenient, social sign-on has many drawbacks and challenges that impact both website visitors and website owners.
Social Sign-on: The challenges and disadvantages
The Trust Factor
Most internet users do not trust the websites they browse to store and utilize their personal information safely and responsibly. Often, website visitors are concerned about how the information they have shared will be used.
In a June 2020 survey conducted by Insider Intelligence, 32% of US Facebook users felt that they somewhat disagreed that the platform could keep their data and privacy secure.
People tend to be wary of the private information they share online; they often resort to uploading falsified or inaccurate information about themselves on social media.
Considering that these social media sites do not verify or vouch for the authenticity of their user’s information, this could be less than ideal for a website looking for accurate data while accepting new user registrations.
In 2019, Facebook released data that said that 16% of the accounts on its platform are fake/duplicate accounts created by individuals or companies. What’s more worrisome are the findings of the research team at NATO StratCom that suggest 95% of the reported fake accounts still continued to remain active, with no action taken by the social media website.
With no checks on the actual profile that’s being used to socially sign-on to your website, you could soon have an imposter, Donald Trump or Joe Biden signing up for your global warming newsletter or purchasing a bag of your freshly powdered Mexican coffee.
Not everyone’s social — nor on social
While we talk about social media, we need to understand that although it is a global phenomenon with an insanely large number (read 3.6 billion) of people using it, there is still a sizeable chunk (>50%) of the population that is not on social media.
Using a restrictive method, you risk alienating a section of society that could be your potential target audience.
Transfer of Power
Enabling social sign-on seems pretty enticing at first, considering it would cut down your authentication work significantly. But this very ‘benefit’ could end up costing you dearly, as you lose control over your visitors’ data to a third-party service provider, i.e., the social media network.
Should there be any downtime at the social media service’s end, your website visitors would be stranded, unable to login to your site or access their data?
Access Control Issues
Many internet access places tend to have controls in place when it comes to accessing social media. For example, corporate and educational networks generally block access to social websites. Certain countries like Iran, China, Syria, and North Korea have blanket bans on the most popular social websites.
Social sign-on still depends on an API call-back to the social networking site to authenticate the user. Thus, by having social sign-on set up on your website, visitors authenticating on your site through these networks would end up facing a website with broken functionality.
Social media accounts are often the target of several hacking and phishing attempts. Thus, if your user’s social media account is hacked, it could lead to their account on your site being compromised as a result.
A University of Maryland study revealed a hacking attempt every 39 seconds on average, affecting a third of Americans every year.
Hacked social accounts could have an adverse impact on your website as well, by performing activities that might eat up your server resources or corrupt your files, if your security is not up to the mark. Secure authentication is the need of the hour, and knowledge of the security practices will help solve these concerns.
Too much to choose
People use many social media websites, so keeping a single social login can be counterproductive. However, providing multiple methods to login could likely confuse or overwhelm your visitor, leading to lower conversion or sign-up rates.
Lesser data to work with
Using a social sign-on for your website would mean limited access to user data, especially email. Not every social media network allows websites to access the customer’s email address. For businesses that rely on customer information for lead generation, this would be a major deal-breaker.
Awareness of all the security practices and malpractices (sawolabs dotcom) will help educate users as well as the website owners.
If not social sign-on, then what?
All the above drawbacks would make webmasters question the efficacy of social sign-on. But then, is there a better alternative that does not include such shortcomings?
Say hello to passwordless authentication powered by SAWO Labs. A new-age solution designed to address all concerns of security, compatibility and functionality.
Social Sign-on: Sure, it’s convenient. But is it really safe? was originally published on ReadWrite by Akshay Shetye.