Without passwords, we wouldn’t be able to get into many services online at all. But the number of passwords people are up to is getting harder to fathom each year. Currently, each person has to juggle an average of 100 passwords.
The thought of making yet another password when you sign up for a new website or cloud app account can lead people to do what they can to skip creating yet another one. Many users take advantage of the “Sign in with Facebook (or Google)” option offered by several websites.
Signing up for a new site with your existing Facebook or Google ID can seem like a great way to avoid making yet another password and improve network security by reducing your number of different logins.
You can even get your account started a little faster if you’re already logged into the main ID you’re using. The new site will instantly pick up things like your username, email address, and profile photo.
But is this shortcut really secure?
There are multiple disadvantages to tying other 3rd party accounts to your Google or Facebook ID and these include things like security risk and the potential for more work disruption should a site go down.
Here are several reasons to avoid the “Sign in with…” option and instead create unique IDs for each new account you make.
You’re Breaking the Unique Password Rule
One of the rules of good password security is to use a unique password with each account you have. This reduces the risk that one password being compromised can cause several accounts to be hacked because they share identical authentication credentials.
When you create accounts with 3rd party sites using your Google or Facebook login, you’re essentially giving those accounts the same username and password, making them much more susceptible to a breach.
If your FB or Google account is breached, then a hacker can get a road map to all the connected accounts by simply going into your settings.
If you have an account connected that might have your credit card details stored, this can mean that one hack now has much larger consequences.
You Could Be Sharing More Information Than You Realize
You have to agree to share certain information with the 3rd party site from your Facebook or Google account when you connect them. This might be more information than you initially realize when you’re clicking the “ok” button to sign in for the first time.
For example, connecting Uber with your Google ID means that Uber can now access payment details in your Google Wallet. Using Trip Advisor with your Facebook account will give the site access to your friends list on the social platform.
Once your data is instantly shared with a 3rd party site, there’s no getting it back, even if you disconnect the service or close the account. Trying to get shared data back is like trying to put toothpaste back in a tube.
Downtime Can Impact You More
In early October, Facebook had a major outage that took the site down for nearly six hours. Its other sites, Instagram and WhatsApp, were also disconnected during that time.
This was a major ripple across the internet universe as millions were unable to get into a service that they normally check several times a day. But for users that connected the Facebook authentication process to other websites when setting up accounts, the downtime was worse.
Without Facebook being available to authenticate user login, users were also locked out of their accounts with connected 3rd party sites while Facebook was offline.
So, you set yourself up for what’s known as a “single point of failure” when you use Google or Facebook to create accounts with other services.
Less Control Over Profile Changes
When connecting a 3rd party website to your FB or Google account, you are sharing things like your profile photo, username, email address, and possibly phone number and physical address.
Once these are connected, it can be more difficult for you to change your details on the 3rd party site if you don’t want to use the same information as is on your Facebook or Google account.
For example, you might have a silly photo as your profile photo on Google, but on Zoom, which you’ve signed into with Google, you want a more professional profile image. Trying to change that can be difficult if you’ve tied the two accounts together.
Need Good Password Management & Security Solutions?
Password security is vital to preventing your risk of a cloud account breach. Rocky Knoll Technologies can help your Charlotte area business with smart and manageable solutions to keep passwords better secured.
Schedule a consultation by calling 704.594.7292 or reach us online.