Online password management tool Dashlane suggests that the average user has at least 90 online accounts. With accounts offering access to everything from online shopping portals to important work platforms, this represents a huge amount of information the average user has to retain in order to complete daily tasks.
This has partly contributed to the increasing popularity of social logins; used by online platforms to allow users to access their services using an existing account. Users can login via their Facebook, Google or other social accounts – removing the need to create yet another online account and remember even more login details.
However, some detractors are concerned that one centralised login can potentially compromise the security of the user and the platform utilising the login method. Simple logic suggests that if an intruder has access to a user’s social login details, they then have access to all their accounts using this method of login.
Without requiring users to keep social login details under lock and key (which would make the process significantly less user-friendly, undermining the technology), platforms utilising social login are encouraged to add extra security layers.
One of the most popular layers of security added to social login is the implementation of multifactor authentication – particularly for high-risk platforms such as financial institutions holding sensitive data of their users.
Multifactor authentication is relatively self-explanatory, requiring the user to complete another login process alongside the social login. One of the most common additional forms of authentication is responding to a text message or email automatically sent when a sign up attempt is made. The platform will alert the user that their account is being used, and will either prompt the user to take further action or disregard the message to continue the login process.
This gives users the opportunity to immediately alert the platform of any suspicious activity in their account, before any unwelcome actions are taken.
Identity and Access Management experts, ProofID, explain the benefits: “Modern multi factor authentication systems typically make use of the users’ smartphones, and offer a highly convenient to significantly improve the security of a social login. This approach can deliver the ideal combination of convenience and security, ensuring that security measures are more robust without compromising the customer journey – reducing the drop-off rate.”
The backing of giants
Creating a bespoke security system can be an incredibly expensive task, out of the reaches for most online businesses without the resources to build a robust and impenetrable system. Social login utilises the security systems of huge organisations such as Facebook and Google who can afford to invest vast sums in security. Using social login can give you access to some of the world’s most advanced security systems at a fraction of the cost of a bespoke model.
With large teams positioned throughout the world dedicated to security, the social giants are constantly monitoring and updating their online security services – helping stay abreast and ahead of developing threats.
Ensuring that users retain total control over the relationship, many social login processes incorporate OAuth technology, which enables access without necessitating the sharing of credentials. This can provide peace of mind to users who may be concerned about the possibility of sharing private information with third parties.
Additionally, Google offer users the ability to view their online activity as line, alerting them to any suspicious activity. This same service would not be offered with a bespoke login to a new platform.
And these security measures will only continue to improve as social login grows more popular and important to the online activity of users all around the world.