If you’re on a website and creating an account for something so you can come back later, or check out with an order, have you ever seen the options for “Sign In With Facebook” or “Sign In With Google” as an option? Instead of typing out your email address and making a password, you can simply click “Sign In With…” and, if you’re already logged into one of those other platforms, you can simply approve the access and get into your account. No email or password needed.
This is called single sign on, or SSO. It’s quick and easy and saves the extra steps of creating a whole new account and password.
“Single sign-on” is convenient. It saves you from having to remember one more account login. But it isn’t as secure as you might think. While the SSO feature is offered by big tech companies that can invest in security like Facebook, Google and Apple, you’re putting trust in these companies to protect your privacy and security. You’re also putting trust in the third-party companies that use the SSO feature to protect your security and privacy as well.
If one of the websites using the SSO feature gets compromised, phishers can access all the accounts you secured with the SSO account. In September 2018, Facebook disclosed a massive data breach that impacted at least 50 million of its users. This breach exposed any other account those people logged into using Facebook SSO.
It can also be complicated if you change your password on the account you use for SSO. You’ll have to re-enter the new password each time you log in to a site where you used the SSO feature. Also, if you lose track of the account you used for SSO, you may not be able to get logged into websites where you logged in using that method. (For example, if you use Facebook to set up a photo album website account, and later lose access to your Facebook account, you might not be able to get back into your photo album website.)
A better way to enjoy the convenience of getting logged in quickly to your accounts on websites is to use a password manager. These are applications that store all your passwords, and can auto-fill your account login details when you return to websites and want to log in. It helps you avoid the hassle of remembering passwords and typing them in. Plus, you get the security of keeping your data safe.
It’s great to optimize for convenience–but not at the expense of your privacy and safety.
