An ever-increasing number of websites today use social media logins to create user accounts. Social media logins are used to improve the overall user experience; the method provides an easy, seamless login option, encouraging their engagement and foregoing a traditional sign up process. Many users also assume that a social media login is the more inherently secure option, but this isn't necessarily true.
A Single Malicious Attack Can Compromise All Login Information
When exploits are developed that target a social media site's login application, the same exploits can be used on any sites that utilize the same login system. Vulnerabilities within OpenID technology or the social media site's proprietary API can then be used to gain access to a user's accounts, financial information, personal data, and more. This also makes social media logins an extremely attractive target for cyber criminals -- they only need to break into a single system to gain access to a multitude of accounts.
Virtually Any Site Can Use a Social Media Login
Many users assume that there is likely a lengthy application process or some form of security clearance that a website needs to go through in order to feature a social media login on their site. In fact, virtually anyone can place a social media login on their website, as long as they have the technical knowledge to install it properly. These third-party sites may not be secured, or may even be intentionally using a social media login to collect information for their own purposes. There can even be fake social media login pages, to lure users into entering in their real login information.
Fast Isn't Always Better: A Single Sign-in Exposes All Your Information
Once you've logged into your social media account on a device, that login can be used to connect to any other websites that you've attached the account to. This is especially true if you've saved any relevant password information on your device. With a little time and knowledge, anyone who has access to your smartphone, tablet, laptop, and desktop PC will be able to access a large amount of your personal information. And this access doesn't necessarily need to be physical -- exploits exist that can give a remote attacker control of your mobile devices and computers.
So how can businesses and users achieve a streamlined login process without compromising their security? Identity-as-a-service platforms such as Onelogin offer a better, more comprehensive option. Social media sites were never intended to be universal login services. Comparatively, Onelogin has been developed specifically to address the growing need for a universal login service. See our previous post on Onelogin for more details.