It’s become common for third-party websites to offer the option of logging in with a social media account (such as your Facebook, Twitter, or Google username and password) instead of creating a unique account at their website. Is this safe? Or does it make you more vulnerable to cyber crime? The experts disagree, and there are pros and cons. But before I dive into them, here’s a little background.
The process of using one set of credentials to log in to a third-party site is handled by the OAuth protocol. When you click the Login with Facebook button, you enter your Facebook credentials at Facebook, and an OAuth dialog box asks you to approve the login and the privacy terms. The third-party site never learns your Facebook password, but it does get access to some of your information, for example your public profile, your friend list, and your email address, and it frequently gets the ability to post on your behalf on your Facebook wall.
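To see exactly what a login button is asking you to approve, you can read the authorization request it sends you to. The sketch below is an added example, not code from any site or provider mentioned here; the URL is constructed, and the scope names are assumptions modeled on the kinds of data listed above, so a real provider's names may differ.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed scope names, modeled on the data types the article lists.
SCOPE_RISK = {
    "public_profile": "basic",
    "email": "basic",
    "user_friends": "social-graph",
    "publish_actions": "write",
}

def review_consent_request(auth_url):
    """Summarize what an OAuth authorization URL asks the user to approve."""
    parts = urlsplit(auth_url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    # Scopes are space-delimited in OAuth 2.0; some providers use commas.
    scopes = [s for s in re.split(r"[ ,]+", q.get("scope", "")) if s]
    grouped = {}
    for s in scopes:
        grouped.setdefault(SCOPE_RISK.get(s, "unknown"), []).append(s)
    redirect = urlsplit(q.get("redirect_uri", ""))
    warnings = []
    if redirect.scheme != "https":
        warnings.append("redirect_uri is not HTTPS")
    if "write" in grouped:
        warnings.append("app can act on your behalf: " + ", ".join(grouped["write"]))
    if "unknown" in grouped:
        warnings.append("unrecognized scopes: " + ", ".join(grouped["unknown"]))
    return {"provider": parts.hostname, "app": q.get("client_id"),
            "returns_to": redirect.hostname, "scopes": grouped,
            "warnings": warnings}

# Constructed sample request (not captured from a real site).
SAMPLE = ("https://provider.example/oauth/authorize?response_type=code"
          "&client_id=demo-app-123"
          "&redirect_uri=https%3A%2F%2Fshop.example%2Fcallback"
          "&scope=public_profile%20email%20user_friends%20publish_actions"
          "&state=xyz")

if __name__ == "__main__":
    for key, value in review_consent_request(SAMPLE).items():
        print(f"{key}: {value}")
```

Notice that no password appears anywhere in the request: the third-party site only ever receives the scopes you approve.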
So, back to the original question. In simple terms, yes. But here are some pros and cons to help you decide if you want to do it.
PROS of using social media credentials to log in to a third-party site.
1) It’s easy. Fewer passwords to keep track of.
2) It’s simple to revoke access by going to your social media account settings page (Facebook, Google or Twitter) and clicking “REVOKE ACCESS.”
3) Even if the third-party site gets hacked, they don’t have your password.
4) Sites such as Google often have better security than smaller independent sites, and offer you security measures such as two-factor authentication. Fahmida Y. Rashid, PC Magazine, explains why he prefers using his Google account to log in to third-party sites: “I have a strong and complex password and I also enabled two-factor authentication. So my Google account is as safe as I can make it, and I trust Google to take the necessary steps to keep my information secure.”
CONS of using social media credentials to log in to a third-party site.
1) Managing multiple passwords is easy with a good password manager, so having lots of unique passwords is not really a problem.
2) The third party site will have access to some of your social media data, such as friend lists. Be sure to read the small print and be aware of what kind of access you are approving.
3) If your social media account is hacked, the hacker now has access to multiple sites.
So what do I do? When a unique website login is offered, I usually use it. But frequently sites need access to my social media accounts (tools, analytics, backup, automation, etc), and in those cases, I do use OAuth logins. And, in general, I agree with Rashid: if given a choice of OAuth accounts, I would always use my Google login, because I believe that is the most secure.