Single Sign-On Feature on Social Media Platforms Is a Security Threat

These days, it is not a matter of whether you have any kind of account online. It's the question of how MANY accounts you have. The more accounts you have, the more bothersome the sign-on processes become because you have to remember all those logins and passwords. Of course, you can always use a password manager tool to make the process easier and smoother, but not everyone resorts to that. Therefore, today, we would like to talk about another feature that offers you ease of access to multiple accounts on social media and elsewhere, namely, the single sign-on feature.

What is Single Sign-on?

You can think of single sign-on as a universal identity card that allows you to access all of your personal accounts at once. To use more technical language, single sign-on is an access control tool intended for multiple independent systems. These systems are usually related, and this is how one single sign-on works for all of them.

Like most authentication solutions, single sign-on has advantages and disadvantages. You will definitely find researchers who say that single sign-on is a security risk. However, there are others who will maintain that it is perfect for reducing the password fatigue issue, and some platforms are even migrating towards the widespread application of the single sign-on feature in order to stop relying on passwords so much.

For instance, just recently, Apple rolled out a new 'Sign in with Apple' feature, thus virtually turning Apple into a privacy-as-a-service company. Technically, the new feature should help users access several platforms and accounts using their Apple credentials. It is still not clear how well this feature will work, but it definitely shows that companies are moving forward with personal authentication, and they are trying to come up with different solutions.

Single Sign-on Types

Of course, users employ tons of different devices to access their accounts, and so there are different sorts of single sign-on solutions. The three main types are web, mobile, and federated single sign-on. Web single sign-on encompasses family websites that allow their customers to access umbrella sites using the same credentials. Mobile single sign-on is almost the same as the web one; you just use a mobile device to access the account as opposed to a desktop.

Finally, federated single sign-on employs industry-standard protocols (like SAML, JWT, OpenID, etc.) that virtually remove authentication barriers across different sites, so users can access accounts almost seamlessly. This happens because your login credentials are held by partners, not individual websites.

The Advantages of Single Sign-on

Probably, the very first advantage that you can think of is that single sign-on relieves you of memorizing multiple passwords. It also ensures seamless user experience because you don't need to authenticate your identity each time you access one site or the other. You simply browse from one page to another without even bothering to re-confirm your identity time and again.

From the business perspective, single sign-on also allows unifying customer profiles. Instead of having multiple profiles across different platforms, the feature gives a centralized view of the same customer. As a result, it is practical and economical.

Single sign-on advocates will also tell you that it's better to use this feature because you don't need to rely on a third party to manage or store your passwords. This is definitely debatable because security experts who think that single sign-on is a security risk would rather recommend a password manager instead. However, it is certain that single sign-on reduces password fatigue, as we have mentioned already.

Users no longer need to come up with different password combinations for multiple accounts, and this feature also saves you time because you no longer need to re-enter all of your passwords. What's more, this is where we come across yet another business perspective. With fewer passwords needed, IT help desks no longer have to spend so many resources on helping users to recover them.

The Disadvantages of Single Sign-on

Since we looked at the advantages of this feature, we should also look at the negative aspects because we have to see why some people say single sign-on is a security risk. Our biggest concern is privacy and our personal data security. Although single sign-on should be a step forward, some claim that when it comes to social media, using this feature might not be such a good idea.

Social media companies often use the OAuth protocol to create single sign-on services. The danger in using these protocols for social media accounts is that developers might accidentally tap into far deeper resources of user data than they should. Not to mention that constant accessing of user data during the development process could eventually expose the user to phishing and cross-site request forgery attacks. So it's not that single sign-on is bad per se, it is how social media companies implement the single sign-on protocols that matters.
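As an added illustration (not code from the original article), the Python sketch below audits an OAuth 2.0 authorization request for the two issues this paragraph raises: scopes that reach beyond what sign-in needs, and a missing `state` value, which is the standard defence against cross-site request forgery in the OAuth flow. The scope allowlist, the minimum `state` length, the `idp.example` and `app.example` URLs, and the `friends_list` and `messages.read` scope names are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: a plain sign-in only needs these OpenID Connect scopes.
SIGN_IN_SCOPES = {"openid", "email"}
MIN_STATE_LEN = 16  # assumption: shorter state values are treated as guessable


def audit_authorization_request(url, allowed_scopes=SIGN_IN_SCOPES):
    """Return a list of findings for one OAuth 2.0 authorization request URL."""
    findings = []
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)

    if parts.scheme != "https":
        findings.append("authorization endpoint is not HTTPS")

    # RFC 6749: scope is one parameter holding a space-delimited list.
    requested = set(" ".join(params.get("scope", [])).split())
    excess = sorted(requested - set(allowed_scopes))
    if excess:
        findings.append("scopes beyond sign-in: " + ", ".join(excess))

    # state ties the provider's response to the user's own session.
    state = params.get("state", [""])[0]
    if not state:
        findings.append("missing state parameter (no CSRF protection)")
    elif len(state) < MIN_STATE_LEN:
        findings.append("state parameter too short to be unguessable")
    return findings


# Constructed sample requests; hosts, client_id and extra scopes are made up.
OVERBROAD = (
    "https://idp.example/authorize?response_type=code&client_id=demo-client"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
    "&scope=openid%20email%20friends_list%20messages.read"
)
MINIMAL = (
    "https://idp.example/authorize?response_type=code&client_id=demo-client"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback"
    "&scope=openid%20email&state=3q2-7wEXAMPLEx9Kf0aZr1B"
)

if __name__ == "__main__":
    for name, url in (("overbroad", OVERBROAD), ("minimal", MINIMAL)):
        print(name, audit_authorization_request(url) or "no findings")
```
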

Another problem is that someone could hack into multiple accounts at once if a username or a password used for the single sign-on service gets compromised. So it's a double-edged sword. It provides you with seamless account access, but if even one credential is leaked, cybercriminals could easily slither into multiple accounts.

If we were to look at a more technical issue related to single sign-on, we would find that the authentication process is performed by the identity provider (or IdP). Again, this is where we find one vulnerable point that, if compromised, would make it impossible for users to access their accounts. So, from this, we can see that there are still many aspects of this service to consider, both from the end user's and the developer's perspectives.

Now, if you are thinking of using the 'Sign in with Apple' feature, it's entirely up to you. You can always choose to create your own credentials if you want to do things the old way. However, it is clear that we are going to see different authentication solutions offered increasingly often because companies are scrambling to come up with the best way to protect users' privacy.

June 12, 2019
