When signing up for a new account on a website or cloud service, you’ll often get a choice between creating a username and password or using the one you already have in place at Facebook or Google.
It can be tempting to reduce the number of different passwords out there you need to remember and just sign in using an account that you already have. If you’re already signed into Facebook or Google, it’s even easier to get started with the new account because you don’t have to log in at all.
People have an average of 38.4 passwords they must remember, and 53% of users rely on memory to “manage” passwords. So having one less to manage can seem like a good idea.
But there are some serious drawbacks to signing into another cloud service account with your Google or Facebook account.
Following are some reasons you do NOT want to use the “sign in with…” option and instead create a unique login for your accounts. This also may be something a company wants to add to its cloud use policy.
First, What is the “Sign in With” Process?
Facebook, Google, and Apple, among others, allow websites to use their login authentication for user accounts. In essence, Facebook and the others are saying that we vouch for this person, if they’re signed in with us, then they’ve authenticated who they are.
If someone chooses this option to sign up for a new cloud account, if they are already signed into Facebook or Google, they’ll be authorized to log into the new site right away. If they’re not logged in, then the login page they get is actually that of Facebook or the other “sign in with” service they chose.
Why It’s Best to NOT Use “Sign in With Facebook” or Other Accounts
Outages Will Then Impact Other Accounts (That Aren’t Down)
Facebook recently experienced a major outage in early October that had all their sites (Facebook, Instagram, WhatsApp, etc.) down for nearly six hours. This outage wasn’t even due to a cyberattack of any kind, it turned out to be an internal router issue where Facebook’s data centers were basically disconnected from the internet.
During the outage, people were frustrated not being able to log in to social media, but the outage was compounded for those people that used the “Sign in with Facebook” option on other sites.
With Facebook being down, if you tried to log into any other sites where you used “Sign in with Facebook” the authentication process could not be completed, and you would be locked out of those sites too.
Personal Data is Shared With the Other Account
Your user login process is not the only thing being shared with websites where you use your Facebook or Google login. There may be account information being shared that you’re not even aware of. Often people don’t pay much attention to those warning prompts when they just want to get going with a new account.
Here are some surprising examples from CBS News that show your Facebook or Google account information could be shared with another service by using the “login with” process:
- TripAdvisor looks at your Facebook friends list: When you connect your Facebook account with TripAdvisor you could be sacrificing the privacy of your friends and family without even realizing it. The site uses access to your Facebook friends to show you where your friends have traveled and which sites they’ve reviewed.
- Uber gets access to your Google Wallet: Signing into Uber with Google is going to share your payment information from Google Wallet to charge you for your rides.
- The site Doodle.com gets calendar access: Signing up with a scheduling site, like Doodle, with your Google account may also mean sharing your Google calendar with the app.
Hackers Gain Access to All Your Connected Accounts
It’s not unusual to hear from a friend or family member that their Facebook account was hacked and they had to sign up for a new account.
Unfortunately, Facebook account takeovers have become all too common and are a way for criminals to steal personal information and send out phishing messages posing as you.
If you have your Facebook login connected to multiple online accounts, that gives the hacker even more accounts of yours that they can gain access to. Once they break into your FB account, all they have to do is look at the connected accounts in the profile settings and know exactly which other accounts to log into as you.
Need Help With Password Management & Security?
C Solutions can help your Orlando area business put a comprehensive password management system in place along with other safeguards like single sign-on and MFA that keep user accounts better secured.
Schedule a free consultation today! Call 407-536-8381 or reach us online.