Do You Sign Into Other Sites with Your Facebook or Google ID Here's Why You Shouldn't

It can feel like every other day you have to create a new login for some type of app or website. Trying to keep up with all those passwords can be difficult, causing many people to have to go through an annoying password reset at least once a month for one of their accounts.

Having too many passwords to keep up with is a big reason that 54% of employees reuse passwords across multiple work accounts. That reuse weakens company network security.

When you have so many passwords to juggle already, it’s tempting to use a “Sign in With Facebook or Google” feature on a website. It keeps you from having to create yet another password and can speed up the time it takes to make and access a new account. 

How the feature works is that 3rd party sites can request to use the authentication feature from Facebook or Google. If they meet the requirements, they can then set up new accounts using the account information that the person already has in place on either their Google or Facebook account.

When accessing the third-party site, they’ll be served up the login page for Google or Facebook, and then redirected to their account on that third-party site.

While this is convenient for many people, it also has some serious drawbacks for security and accessibility. 

Why You Should Not Create New Accounts Using Your FB or Google ID

The App May Access More Data Than You Want

When connecting your Facebook or Google account to another site, you’re granting that site certain permissions to your data. You may not realize what “see your friends list” means when you’re going through the initial permissions screen, but it could mean that more than just your friends’ names are being accessed.

For example, Trip Advisor looks at the connection between your friends and any reviews they‘ve posted on the site. Uber will access your Google Wallet if you create an account using your Google ID. And other apps will access things like your calendar, “likes” activity, contacts list, and more.

Once you connect your account and grant permissions, that third-party app will typically do an automatic data grab, and even if you close your account later, they still have your data.

You Put All Your Accounts at Risk If the Main One Is Breached

If a hacker breaches your Facebook or Google account, then all the connected accounts are easy for them to breach as well, as they already have the login. They can even lock you out of those accounts by changing your FB or Google password.

Accounts connected to your Google or Facebook account are conveniently listed in your account security settings. This gives a roadmap to the hacker for the other accounts they can now access.

You break one of the core best practices of good password security when you use the “sign-in with…” option, which is that you should create unique passwords for all your logins. 

An Outage Can Impact Several of Your Accounts

In early October, Facebook had an outage that lasted nearly 6 hours. The site, along with other properties WhatsApp and Instagram, was essentially cut off from the internet. This led to millions of users not being able to use the site at all.

For any people that had used the “Sign in With Facebook” option on third-party sites, the outage was compounded. Without Facebook’s site being available to authenticate the login, users were locked out. 

When you connect other accounts to your Facebook or Google account, you create a “single point of failure.” The same is true if you end up closing that Facebook or Google account. You would be cut off from the authentication process that you used to make those other third-party accounts.

You’ve Connected Things You Can’t Change

If you use your Google account to sign up for Zoom, you are automatically sharing your profile picture, so Zoom will display the photo you have on Google.

If you want a different image on the third-party site than you have on your Facebook or Google profile, you might be out of luck or have to jump through hoops to get those profiles disconnected.

You lose some of the flexibility you have on a site you connect to FB or Google because it’s pulling certain details from that cloud service, such as your name, username, and email address, among other things.

Get Help With Password & Cloud Security

Onsite Techs of Rhode Island can help your business put password security solutions in place that help users better manage their passwords to keep your cloud accounts secure.  

Contact us today to schedule a consultation at 401-773-7766 or book a video call now.