Single Sign-On Feature on Social Media Platforms Is a Security Threat

These days, it is not a matter of whether you have any kind of account online. It's the question of how MANY accounts you have. The more accounts you have, the more bothersome the sign-on processes become because you have to remember all those logins and passwords. Of course, you can always use a password manager tool to make the process easier and smoother, but not everyone resorts to that. Therefore, today, we would like to talk about another feature that offers you ease of access to multiple accounts on social media and elsewhere, namely, the single sign-on feature.

What is Single Sign-on?

You can think of the single sign-on as a universal identity card that allows you to access all of your personal accounts at once. To use a more tech-savvy lingo, single sign-on is an access control tool intended for multiple independent systems. These systems are usually related, and this is how one single sign-on works for all of them.

Like most of the authentication solutions, there are advantages and disadvantages to single sign-on. You will definitely find researchers who say that single sign-on is a security risk. However, there are others who will maintain that it is perfect for reducing the password fatigue issue, and some platforms are even migrating towards the wide-spread application of the single sign-on feature in order to stop relying on passwords so much.

For instance, just recently, Apple rolled out with a new 'Sign in with Apple' feature, thus virtually turning Apple into the privacy-as-a-service company. Technically, the new feature should help users access several platforms and accounts using their Apple credentials. It is still not clear how well this feature will work, but it definitely shows that companies are moving forward with personal authentication, and they are trying to come up with different solutions.

Single Sign-on Types

Of course, users employ tons of different devices to access their accounts, and so there are different sorts of single sign-on solutions. The main three types include web, mobile, and federated single sign-on. Web single sign-on encompasses family websites that allow their customers to access umbrella sites using the same credentials. Mobile single sign-on is almost the same as the web one, you just use a mobile device to access the account as opposed to a desktop.

Finally, federated single sign-on employs industry-standard protocols (like SAML, JWT, OpenID, etc.) that virtually dismiss authentication barriers across different sites and users can access accounts almost seamlessly. This happens because your login credentials are held by partners, not individual websites.

The Advantages of Single Sign-on

Probably, the very first advantage that you can think of is that single sign-on relieves you of memorizing multiple passwords. It also ensures seamless user experience because you don't need to authenticate your identity each time you access one site or the other. You simply browse from one page to another without even bothering to re-confirm your identity time and again.

From the business perspective, single sign-on also allows unifying customer profiles. Instead of having multiple profiles across different platforms, the feature gives a centralized view of the same customer. As a result, it is practical and economical.

Single sign-on advocates will also tell you that it's better to use this feature because you don't need to rely on a third-party to manage or store your passwords. This is definitely debatable because security experts who think that single sign-on is a security risk would rather offer to employ a password manager instead. However, it is definitely certain that single sign-on reduces password fatigue, as we have mentioned already.

Users no longer need to come up with different password combinations for multiple accounts, and this feature also saves your time because you no longer need to re-enter all of your passwords. What's more, this is where we come across yet another business perspective, too. With fewer passwords needed IT help desks no longer have to spend so many resources on helping users to recover them.

The Disadvantages of Single Sign-on

Since we looked at the advantages of this feature, we should also look at the negative aspects because we have to see why some people say single sign-on is a security risk. Our biggest concern is privacy and our personal data security. Although single sign-on should be a step forward, some claim that when it comes to social media, using this feature might not be such a good idea.

Social media companies often use the OAuth protocol to create single sign-on services. The danger in using these protocols for social media accounts is that developers might accidentally tap into far deeper resources of user data than they should. Not to mention that constant accessing of user data during the development process could eventually expose the user to phishing and cross-site request forgery attacks. So it's not that single sign-on is bad per se, it is how social media companies implement the single sign-on protocols that matters.

Also, another problem is that someone could hack into multiple accounts at once if a username or a password used for the single sign-on service gets compromised. So it's a double-edged sword. It provides you with the seamless account access, but if at least one credential is leaked, cybercriminals could easily slither into multiple accounts.

If we were to look at a more technical issue related to single sign-on, we would find that the authentication process is performed from its identity provider (or IDP). Again, this is where we find one vulnerable point that, if compromised, would make it impossible for users to access their accounts. So, from this, we can see that there are still many aspects of this service to consider, both from the end user's and the developer's perspectives.

Now, if you are thinking of using the 'Sign in with Apple' feature, it's entirely up to you. You can always choose to create your own credentials if you want to do things the old way. However, it is clear that we are going to see different authentication solutions offered increasingly often because companies are scrambling to come up with the best way to protect user's privacy.

By Foley
June 12, 2019
Password Security
English
June 12, 2019
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Keep Your Social Security Number Safe

Our social security numbers (SSN) should be among our most well-guarded secrets. Even though it was originally meant to be used for social security purposes only SSN has become the primary national identification... Read more

August 20, 2018
News

Yale Graduates Learn That Their Social Security Numbers Were Leaked 10 Years Ago

In the event of physical theft, you will most likely notice that your TV is missing. When it comes to the World Wide Web, however, things are a bit different. We've talked in the past about how data breaches often go... Read more

August 6, 2018
Password Security

Your Social Security Number Costs a Few Bucks and Can Be Sold to Anyone

If you believe no one is interested in your personal information, you need to think again. According to Experian, everything from your social security number to your medical records interests cyber hackers, and they... Read more

December 19, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.