Using Social Login? Take These Steps to Secure Your Accounts

James Frew 27-09-2016

Over the summer Pokemon Go became one of the most successful mobile games of all time. You may have seen some of the alarming stories that the game required full Google account access, potentially allowing its developer to see and modify everything in your account.


It seems the problem was overblown and that Niantic was using an old version of Google’s shared sign-on service. They had never accessed more than your name and email address.

Once a fix was rolled out, everyone moved on. Despite scaring everybody, it did make people pay attention to what data they give away when using social logins.

What Are Social Logins?

You’ve probably seen the buttons before. You try to log in to a website and are presented with a collection of buttons that say “Login with…”

When you use one of those magical buttons, you log in with an identity you have created on another site. This saves you from having to create yet another password for the new site.


There are two standards that make it easy for your favorite websites to add social login: OAuth and OpenID. OAuth allows you to authorize apps and websites to access your data from another website, whereas OpenID allows you to identify yourself to an app or website.

Google: What’s Connected?

Google holds an incredibly large amount of personal data, especially if you use their integrated services on an Android phone. Rogue apps can be a huge danger here, so it’s vital you protect your primary account.


After browsing the list of connected apps in Google’s Security settings, review what permissions an app has been granted. You can then remove any unused or suspicious-looking apps.

Facebook: What’s Connected?

Despite the widely held view that Facebook doesn’t value your privacy, they actually give you the most options. Facebook lists the apps connected to your account, and you can edit which permissions you grant, even after first connection.


If you’ve been using Login With Facebook for a while then it’s a good idea to check that you are happy with the apps and the permissions they have.

Twitter: What’s Connected?

Twitter login is most widely used for publishing sites like Medium, where your real identity isn’t essential to the service. That doesn’t mean that you don’t expose a lot of information in your tweets. That said, unless you have a private account all of your tweets are public anyway. Still, it’s best to check for rogue apps so they don’t go sending malicious tweets on your behalf.


Unlike Facebook, you can’t go back and change which permissions each app has, although you are able to Revoke Access for any apps you don’t want connected to your account.

Why Would You Want to Use Social Login?

Social logins really are as convenient and painless as the OAuth and OpenID creators imagined. Juggling a lot of passwords is the main culprit for poor security hygiene and reusing passwords across multiple sites. Using social logins reduces the number of passwords you have to remember, and may keep you more secure in the event of a data leak.

Signing in with an OAuth provider awards an “access token” granting the app access to the approved information. This allows you to edit permissions when you log in and potentially whenever you want in your account settings.
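The “approved information” is spelled out in the `scope` parameter of the consent link the site sends you to. The sketch below is an added example, not part of the original article: it splits the requested scopes into identity-only ones and ones that reach into your data. The sample URLs are constructed, and the function names are illustrative.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes that only identify you: the OpenID Connect standard scopes plus
# Google's and Facebook's basic-profile equivalents.
IDENTITY_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
    "public_profile",
}

def split_scopes(consent_url):
    """Return (identity_scopes, data_scopes) requested by a consent URL."""
    query = parse_qs(urlsplit(consent_url).query)
    raw = " ".join(query.get("scope", []))
    # OAuth 2.0 separates scopes with spaces; Facebook's dialog uses commas.
    requested = raw.replace(",", " ").split()
    identity = [s for s in requested if s in IDENTITY_SCOPES]
    data = [s for s in requested if s not in IDENTITY_SCOPES]
    return identity, data

def verdict(consent_url):
    """Summarise what a consent URL asks for in one line."""
    identity, data = split_scopes(consent_url)
    if not identity and not data:
        return "no scope in URL: read the consent screen itself"
    if data:
        return "asks for more than identity: " + ", ".join(data)
    return "identity only"

# Constructed sample URLs (client_id is a placeholder, not a real app).
SAMPLES = [
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE"
    "&response_type=code&scope=openid%20email%20profile",
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE"
    "&response_type=code&scope=openid+email+https%3A%2F%2Fmail.google.com%2F",
    "https://www.facebook.com/dialog/oauth?client_id=EXAMPLE"
    "&scope=public_profile,email,user_friends",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(verdict(url))
```

Anything the second or third sample flags is data the app could read with its access token, so it deserves a look in the connected-apps pages described above.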

What About Your Privacy?

As the saying goes — if it’s free then you are the product. To get the speed and convenience of the improved login you do trade some amount of your data.

Online Privacy and Tracking
Image Credit: Fatmawati Achmad Zaenuri via Shutterstock

You should be aware that your provider will be tracking every site you use with their login. They won’t know what you do on that site, but they’ll know you were there.

Before allowing access to your account it may be wise to check their Privacy Policy. These documents are tedious by design to persuade you to accept the terms. The accounts we use as login providers like Facebook and Google hold vast amounts of very personal data that you may not want exposed to a third party app.

Check Permissions With MyPermissions

The MyPermissions website is one of the easiest ways to view the apps you have connected to your social accounts. You can also download their iOS or Android app to monitor the permissions that your apps request. Unlike the system level permissions managers on iOS and Android, MyPermissions makes the process easier by grading each app.


I found that using the MyPermissions website was the best way to analyze the social accounts. Meanwhile, the mobile app was great at analyzing permissions granted to installed apps.

Don’t Get Hooked by Phishing

Attackers will commonly use a phoney website made to look like the login page of your social provider. The pop-up opens and you enter your username and password.

This may mean your login information is compromised, allowing the hacker full access to your accounts. This becomes even more of a problem if you’ve used the same password on many sites. Phishing is becoming increasingly complex but you can learn to spot a potential attack.

Beware the Single Point of Failure

If you have used one or more providers to log into many sites, then you risk the Single Point of Failure (SPF). With password leaks happening all the time, it’s not impossible that your account might end up exposed. Having access to your primary login account would give the hacker access to all your connected accounts too.

Two Step Verification
Image Credit: GN8 via Shutterstock

Using two factor authentication is one of the best ways to protect your accounts against SPF. Many sites also allow you to create a local website password in addition to your social login. This means that you can disconnect the affected account after logging in with your email and password instead.

Delve Into the Details

I know it can be downright tedious to read every login screen, terms & conditions, and privacy policy, but if you are at all hesitant about granting your personal data to third party sites, or even allowing Facebook, Google, and others to view all of your browsing habits, then it’s worth the effort.

Before using a social login take the time to check over the site’s privacy policy and feel comfortable with it. If you use an OpenID login it’s worth keeping in mind that the provider will be monitoring.

Sometimes it’s easier just to stick to email and create secure passwords and store them in a password manager. No need to worry about remembering hundreds of passwords, and then you avoid some of the pitfalls of social logins.

Do you use social logins? Do you ever worry about your privacy when you do? Do you have a favoured login provider or would you rather stick with email login? Let us know your thoughts in the comments below!
