Using Facebook, Google or other Social Login Services

By  now, almost all of us have done this - When trying to access a new service, you are given the option to create another account in the new service/website or login using your Facebook, Google or other social account.  Why create another account with yet another username and password to remember?  This is much easier!

From a usability perspective, this is certainly an easier and quicker option, and a big "security plus" is that you don't need to worry about your password getting hacked in the new service since the new service doesn't have access to or store your password.

However, you should consider how secure your Facebook, Google or other social media account is before tying it to other accounts.  If your (i.e.) Facebook account isn't properly secured, then you are increasing your exposure if hacked by tying other accounts to it.

Key considerations:

  • Is my password complex?  if the answer is no, change it and make it complex.
  • Do I use the same email address and password to login elsewhere?  This is a big "security no-no".  Change you password before trying the same credentials to another account!  (And remember, using your UNH email address and/or password in a non UNH/USNH service is against USNH security policy. )
  • Do I have two-factor authentication enabled?  Enabling a second authentication factor (i.e. one-time numerical tokens on a smart phone) reduces risk and prevents a hacker from accessing your account even if they know your password.

 Facebook, Google and many other services let you require two-factor authentication to sign in to your account from unverified computers or devices.  If someone logs into your account with the correct password but from an unverified computer or device, a code is sent to your mobile phone.  This code must be provided to gain access to your account.  This prevents a hacker that knows your password from gaining access.

http://www.cnet.com/how-to/how-to-enable-two-factor-authentication-on-popular-sites/

Beyond security, you should also consider privacy when using social logins. While you will not be sharing your password with a service you login to using Facebook, Google, etc., you will be sharing parts of your social identity. Make sure you read the fine print and are aware of the access you are providing to the new service.

Custom Fields
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
SEED: Safe Electronic Equipment Disposal Instructions
Viewed 2515 times since Mon, Apr 27, 2015
Tips to Avoid Malware
Viewed 1144 times since Thu, May 7, 2015
UNH Campus Virus Protection
Viewed 20535 times since Wed, Aug 12, 2015
Things to Consider if Your UNH Account has been Compromised
Viewed 490 times since Wed, Aug 16, 2017
PCI DSS - Payment Card Security
Viewed 1883 times since Thu, May 7, 2015
Good Security Practices to Adopt at Work/School, and at Home
Viewed 674 times since Fri, Jul 14, 2017
ESI: Electronically Stored Information Procedures
Viewed 1847 times since Wed, Apr 29, 2015
Encryption & Virus Protection
Viewed 2979 times since Wed, Apr 29, 2015
Vendor Contracts: Privacy Considerations, Security Review, and NDA
Viewed 2194 times since Mon, May 4, 2015
FAQs- System Center 2012 Endpoint Protection, Microsoft Security Essentials, and Windows Defender
Viewed 4318 times since Wed, Aug 12, 2015