When you see the opportunity to log into a website with your existing Facebook or Google ID, you have a choice to make. Do you create yet another password to add to the list? Or do you use your existing account on one of those major services to log into a new site? It can seem like a good idea to use the “sign in with” option that many third-party sites offer. However, is the convenience of not creating another password worth it?
What does it mean to cloud security to tie multiple accounts to one ID with Facebook or Google? Cloud account attacks increased 630% in 2020 and password compromise is now the number one cause of data breaches. As our reliance on cloud applications has grown, so have the attacks on these accounts. This makes it even more vital than in the past to pay attention to how you’re using and securing your cloud accounts. One thing that you should stop doing right away is using your Facebook or Google ID to authenticate other third-party accounts. Here are several reasons why.
You Tie Several Accounts to One Password
One of the basics of good password security is to create a unique password for every account you have. Sharing passwords between accounts leaves all those accounts more vulnerable. Passwords can be breached for several reasons:
- Data breach of the cloud provider
- An easy password is hacked
- The password is stored in an unsecured way (e.g., in an Excel sheet)
- The password is emailed in a non-encrypted message
Using your Facebook or Google account to log into another account means that if that password is ever breached, the hacker can look at your settings to see what other sites they now have access to. You risk multiple accounts being exposed by tying them to a single login password.
3rd Party Sites Gather a Lot of Your Personal Data
You may click past that sharing notice when using your Facebook or Google ID to set up an account with a new website. But those 3rd party sites are often gathering a lot of information about you from your profile. You could be sharing things like your friends list, contacts, calendar, and even your Google Wallet.
According to a report by CBS News, sites like Etsy and Orbitz don’t ask for all your profile details upfront. They will do this slowly over time. Each time the site asks for another permission, it doesn’t seem like it’s that much. Once you share your personal details from your Facebook or Google account with a third-party site, there is no getting them back. And the more sites that have your information, the more risk there is. One could be subject to a database breach and your details could end up for sale on the Dark Web.
Downtime on Facebook or Google Can Impact Those Connected Sites
Facebook and Google aren’t impervious to downtime. In early October, Facebook was down for just about six hours, and the site was totally inaccessible. For those that used Facebook to create accounts on other web services, this meant that they also were locked out of those services. Because Facebook wasn’t online to authenticate the login process, they couldn’t log in. You set yourself up for major issues with site lockouts if several of your other accounts are relying on Google or Facebook’s 24/7 availability.
The Third-Party Site Might Lose Their Access to the Login Process
Facebook and Google have requirements for sites to connect to their services using the “login with” process. Those services can also change their requirements at any time. This can mean that a site you’re using might lose access to the “login with” process and no longer be able to use Facebook or Google for authentication. Should this happen, you could be locked out of the data in your account. You’d also be forced to create a new one. What if the site doesn’t offer a way to retrieve your information from the connected account? It could be lost for good.
It’s More Difficult to Change Your Profile Details
Say you log into Zoom with your Google ID and want to change your profile image to something different than is displayed on your Google profile. This is going to be tricky since you’ve connected the two accounts. When you use the “login with” feature, the third-party site is pulling information like your email address, profile image, phone number, and more from Facebook or Google. These can be difficult to separate once connected. This means it may be tricky or impossible to change any profile details on the connected third-party site.
Looking for Password Security Solutions?
Copperband Technologies can help your southern Kentucky or Middle Tennessee business with smart password management and security solutions that help keep your logins unique and secure. Contact us today to schedule a consultation! Call 931.263.8000 or email us.