Social login

Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google, to login to a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more reliable demographic information to web developers.[1]

How social login works

Social login links accounts from one or more social networking services to a website, typically using either a plug-in or a widget.[2] By selecting the desired social networking service, the user simply uses his or her login for that service to sign on to the website. This, in turn, negates the need for the end user to remember login information for multiple electronic commerce and other websites while providing site owners with uniform demographic information as provided by the social networking service. Many sites which offer social login also offer more traditional online registration for those who either desire it or who do not have an account with a compatible social networking service (and therefore would be precluded from creating an account with the website).

Application

Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user's behalf. Sites using the social login in this manner typically offer social features such as commenting, sharing, reactions and gamification.

While social login can be extended to corporate websites,[3] the majority of social networks and consumer-based identity providers allow self-asserted identities. For this reason, social login is generally not used for strict, highly secure applications such as those in banking or health.

Advantages of social login

Studies have shown that website registration forms are inefficient as many people provide false data, forget their login information for the site or simply decline to register in the first place. A study conducted in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods.[4] Additional benefits:

Targeted Content
Web sites can obtain a profile and social graph data in order to target personalized content to the user. This includes information such as name, email, hometown, interests, activities, and friends. However, this can create issues for privacy, and result in a narrowing of the variety of views and options available on the internet.
Multiple Identities
Users can log into websites with multiple social identities allowing them to better control their online identity.[5]
Registration Data
Many websites use the profile data returned from social login instead of having users manually enter their PII (Personally Identifiable Information) into web forms. This can potentially speed up the registration or sign-up process.
Pre-validated Email
Identity providers who support email such as Google and Yahoo! can return the user's email address to the 3rd party website preventing the user from supplying a fabricated email address during the registration process.
Account linking
Because social login can be used for authentication, many websites allow legacy users to link pre-existing site account with their social login account without forcing re-registration.

Disadvantages of social login

Utilizing social login through platforms such as Facebook may unintentionally render third-party websites useless within certain libraries, schools, or workplaces which block social networking services for productivity reasons. It can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project", where the third party website may not be actively censored, but is effectively blocked if a user's social login is blocked.[6]

There are several other risks that come with using social login tools. These logins are also a new frontier for fraud and account abuse as attackers use sophisticated means to hack these authentication mechanisms.[7] This can result in an unwanted increase in fraudulent account creations, or worse; attackers successfully stealing social media account credentials from legitimate users. One such way that social media accounts are exploited is when users are enticed to download malicious browser extensions that request read and write permissions on all websites. These users are not aware that later on, typically a week or so after being installed, the extensions will then download some background Javascript malware from its command and control site to run on the user's browser. From then on, these malware infected browsers can effectively be controlled remotely. These extensions will then wait until the user logs into a social media or another online account, and using those tokens or credentials will sign up for other online accounts without the rightful user's express permission.

Security

In March 2012, a research paper[8] reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, Sears.com, etc. Because the researchers informed ID providers and the third party websites that relied on the service prior to public announcement of the discovery of the flaws, the vulnerabilities were corrected, and there have been no security breaches reported.[9] This research concludes that the overall security quality of SSO deployments seems worrisome.

Moreover, social logins are often implemented in an insecure way. Users, in this case, have to trust every application which implemented this feature to handle their identifier confidentially. [10]

Furthermore, by placing reliance on an account which is operable on many websites, social login creates a single point of failure, thus considerably augmenting the damage that would be caused were the account to be hacked.

List of providers

Here is a list of services that provide social login features which they encourage other websites to use. Related are federated identity login providers.

See also

References

  1. ^ Social Login: A Data Capture Game Changer(accessed 21 December 2011).
  2. ^ Ngemera, Eusebius (2017-01-31). "Social Logins—what info you give away!". eusebius.tech. Retrieved 2017-05-06.
  3. ^ "Integrate Social Networks with your Corporate Website with Social Sign On" - Altimeter Group, September 27, 2010
  4. ^ Social Media Marketing: Social login or traditional website registration? MarketingSherpa, January 12, 2012
  5. ^ "The Social Web's Big New Theme for 2011: Multiple Identities for Everyone" - AllThingsD, January 1, 2011
  6. ^ Laurenson, Lydia (3 May 2014). "The Censorship Effect". TechCrunch. Retrieved 27 February 2015.
  7. ^ Safruti, Ido (18 October 2017). "Simple Social Login for Users and Attackers". infosecurity. Retrieved 14 November 2017.
  8. ^ Rui Wang; Shuo Chen & XiaoFeng Wang (May 2012). "Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services".
  9. ^ "OpenID: Vulnerability report, Data confusion" - OpenID Foundation, March 14, 2012
  10. ^ "Social Login Setups – The Good, the Bad and the Ugly" - CloudRail, August 2, 2016

Further reading

Read other articles:

Bank Toronto-Dominion

TD Bank GroupKode emitenNYSE: TDTSX: TDS&P/TSX 60 componentIndustriJasa keuanganKantorpusatKanadaWilayah operasiSeluruh duniaPendapatan $29.9 milyar CAD(F2014)[1]Laba bersih $7.7 milyar CAD(F2014)[1]Total aset $944.7 milyar CAD (F2014)[1]Karyawan85.000 (FTE, F2014)[2]Situs webwww.forbes.com/companies/td-bank-group/ TD Bank Group adalah sebuah perusahaan asal Kanada yang bergerak di sektor finansial.[3] Industri yang menjadi fokus utama TD Bank ...

 

 

Jason Zhang

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article may be written from a fan's point of view, rather than a neutral point of view. Please clean it up to conform to a higher standard of quality, and to make it neutral in tone. (April 2019) (Learn how and when to remove this template message) This biography of a living person needs additional citations for verification. Please hel...

 

 

العلاقات الأوغندية المدغشقرية

العلاقات الأوغندية المدغشقرية أوغندا مدغشقر   أوغندا   مدغشقر تعديل مصدري - تعديل   العلاقات الأوغندية المدغشقرية هي العلاقات الثنائية التي تجمع بين أوغندا ومدغشقر.[1][2][3][4][5] مقارنة بين البلدين هذه مقارنة عامة ومرجعية للدولتين: وجه المقار...

العلاقات الفرنسية المالية

العلاقات الفرنسية المالية فرنسا مالي   فرنسا   مالي تعديل مصدري - تعديل   العلاقات الفرنسية المالية هي العلاقات الثنائية التي تجمع بين فرنسا ومالي.[1][2][3][4][5] مقارنة بين البلدين هذه مقارنة عامة ومرجعية للدولتين: وجه المقارنة فرنسا مالي المس�...

 

 

Первородный грех

Об экономическом термине см. Первородный грех (экономика). ХристианствоБиблия Ветхий Завет Новый Завет Евангелие Десять заповедей Нагорная проповедь Апокрифы Бог, Троица Бог Отец Иисус Христос Святой Дух История христианства Апостолы Хронология христианства Ран�...

 

 

Baltimore Banners

Defunct tennis team in Maryland, US Baltimore BannersSportTeam tennisFoundedMay 22, 1973 (1973-05-22)FoldedFebruary 1, 1975 (1975-02-01)LeagueWorld TeamTennisDivisionEasternBased inBaltimore, MarylandStadiumBaltimore Civic CenterColorsRed, White, Blue     OwnerHoward Fine, Gerald Klauber, Joseph Rivkin, Robert E. Bradley, Jr.Head coachDon CandyChampionshipsNoneDivision titlesNonePlayoff berthsNone The Baltimore Banners were a charter franchise of W...

Battle of Trevilian Station

Battle of the American Civil War Battle of Trevilian StationPart of the American Civil WarDateJune 11, 1864 (1864-06-11) – June 12, 1864 (1864-06-12)LocationLouisa County, Virginia38°02′59″N 78°03′58″W / 38.04973°N 78.06604°W / 38.04973; -78.06604Result See aftermathBelligerents United States  Confederate StatesCommanders and leaders Philip Sheridan Alfred T. A. Torbert David McM. Gregg Wade Hampton Fitzhugh LeeStren...

 

 

The Maltese Falcon (1931 film)

1931 American crime film For the movie starring Humphrey Bogart, see The Maltese Falcon (1941 film). Maltese Falcontheatrical release posterDirected byRoy Del RuthScreenplay byBrown HolmesMaude FultonLucien Hubbard (uncredited)[1][2]Based onThe Maltese Falcon1930 novelby Dashiell HammettStarringBebe DanielsRicardo CortezCinematographyWilliam ReesEdited byGeorge MarksProductioncompanyWarner Bros.Distributed byWarner Bros.Release date June 13, 1931 (1931-06-13) Ru...

 

 

Années 280

Chronologies Données clés 280 281 282 283 284285 286 287 288 289Décennies :250 260 270  280  290 300 310Siècles :Ier IIe  IIIe  IVe VeMillénaires :-IIe -Ier  Ier  IIe IIIe Calendriers Romain Chinois Grégorien Julien Hébraïque Hindou Hégirien Persan Républicain modifier Les années 280 couvrent la période de 280 à 289. Événements Martyre de Saint Maurice, toile d'El Greco, 1580-1582 Vers 280 : en Gaule, devant la menace des invas...

Dewan Perwakilan Rakyat Daerah Kabupaten Pasaman

Dewan Perwakilan Rakyat Daerah Kabupaten PasamanDewan Perwakilan Rakyat Kabupaten Pasaman2019-2024JenisJenisUnikameral SejarahSesi baru dimulai12 Agustus 2019PimpinanKetuaBustomi, S.E. (Gerindra) sejak 25 September 2019 Wakil Ketua IDanny Ismaya, S.P (PKS) sejak 25 September 2019 Wakil Ketua IIYasri (Golkar) sejak 18 Oktober 2019 KomposisiAnggota35Partai & kursi  PDI-P (1)   NasDem (3)   PKB (4)   Hanura (1)   Demokrat (4) ...

 

 

Plant morphology

Study of the structure of plants Phytomorphology is the study of the physical form and external structure of plants.[1] This is usually considered distinct from plant anatomy,[1] which is the study of the internal structure of plants, especially at the microscopic level.[2] Plant morphology is useful in the visual identification of plants. Recent studies in molecular biology started to investigate the molecular processes involved in determining the conservation and div...

 

 

Real Steel

Real SteelLogo del filmTitolo originaleReal Steel Lingua originaleinglese Paese di produzioneStati Uniti d'America Anno2011 Durata122 minuti Rapporto2,35:1 Generesportivo, drammatico, fantascienza RegiaShawn Levy SoggettoRichard Matheson (racconto)Dan Gilroy, Jeremy Leven SceneggiaturaJohn Gatins ProduttoreShawn Levy, Susan Montford, Don Murphy Produttore esecutivoSteven Spielberg, Robert Zemeckis, Dan Lin, Josh McLaglen, Mary McLaglen, Jack Rapke, Steve Starkey Casa di produzioneDrea...

Diyego Malaniya

Artikel ini sebatang kara, artinya tidak ada artikel lain yang memiliki pranala balik ke halaman ini.Bantulah menambah pranala ke artikel ini dari artikel yang berhubungan atau coba peralatan pencari pranala.Tag ini diberikan pada November 2022. Diyego MalaniyaInformasi pribadiNama lengkap Diyego Tengizovich MalaniyaTanggal lahir 11 Februari 1991 (umur 33)Tinggi 1,85 m (6 ft 1 in)Posisi bermain BekInformasi klubKlub saat ini FC Znamya Truda Orekhovo-ZuyevoKarier senior*Tah...

 

 

Повітряні сили Збройних сил України

Ця стаття потребує додаткових посилань на джерела для поліпшення її перевірності. Будь ласка, допоможіть удосконалити цю статтю, додавши посилання на надійні (авторитетні) джерела. Зверніться на сторінку обговорення за поясненнями та допоможіть виправити недоліки. Мат...

 

 

NGC 4237

Galaxy in the constellation Coma Berenices NGC 4237HST image of NGC 4237.Observation data (J2000 epoch)ConstellationComa BerenicesRight ascension12h 17m 11.4s[1]Declination15° 19′ 26″[1]Redshift0.002892[1]Heliocentric radial velocity867 km/s[1]Distance59 Mly (18.1 Mpc)[1]Group or clusterVirgo ClusterApparent magnitude (V)12.4[1]CharacteristicsTypeSAB(rs)bc, LINER[1]Size~50,100 ly (15.35 ...

哈萨克斯坦总统

此条目序言章节没有充分总结全文内容要点。 (2019年3月21日)请考虑扩充序言,清晰概述条目所有重點。请在条目的讨论页讨论此问题。 哈萨克斯坦總統哈薩克總統旗現任Қасым-Жомарт Кемелұлы Тоқаев卡瑟姆若马尔特·托卡耶夫自2019年3月20日在任任期7年首任努尔苏丹·纳扎尔巴耶夫设立1990年4月24日(哈薩克蘇維埃社會主義共和國總統) 哈萨克斯坦 哈萨克斯坦政府...

 

 

Laut Natuna

Artikel ini membutuhkan rujukan tambahan agar kualitasnya dapat dipastikan. Mohon bantu kami mengembangkan artikel ini dengan cara menambahkan rujukan ke sumber tepercaya. Pernyataan tak bersumber bisa saja dipertentangkan dan dihapus.Cari sumber: Laut Natuna – berita · surat kabar · buku · cendekiawan · JSTOR (September 2020)Laut NatunaLaut Natuna yang mengelilingi provinsi Kepulauan Riau.Laut NatunaKoordinat1°N 107°E / 1°N 107°E&#...

 

 

Pandemi Covid-19 di Illinois

Pandemi COVID-19 di Illinois   Tidak ada kasus terkonfirmasi yang dilaporkan   <5 kasus terkonfirmasi   5-49 kasus terkonfirmasi   50-199 kasus terkonfirmasi   200-499 kasus terkonfirmasi   500-999 kasus terkonfirmasi   1.000+ kasus terkonfirmasiPenyakitCOVID-19Galur virusSARS-CoV-2LokasiIllinois, Amerika SerikatKasus pertamaChicagoTanggal kemunculan24 Januari 2020(4 tahun, 4 bulan dan 3 minggu)AsalWuhan, ...

Romanian Open 2024

Romanian Open 2024Sport Tennis Data15 – 21 aprile Edizione25ª CategoriaATP Tour 250 SuperficieTerra rossa LocalitàBucarest, Romania ImpiantoNăstase & Marica Sports Club CampioniSingolare Márton Fucsovics Doppio Sadio Doumbia / Fabien Reboul 2016 Il Romanian Open 2024, ufficialmente Țiriac Open per motivi di sponsorizzazione, è stato un torneo di tennis giocato sulla terra rossa. È stata la 25ª edizione dell'evento (disputato dopo la sua ultima edizione nel 2016),[1] face...

 

 

Daftar Duta Besar Amerika Serikat untuk Tiongkok

Duta Besar Amerika Serikat untuk TiongkokSegel Kementerian Dalam Negeri Amerika SerikatDicalonkan olehPresiden Amerika SerikatDitunjuk olehPresidendengan nasehat Senat Berikut ini adalah daftar Duta Besar Amerika Serikat untuk Tiongkok Daftar Nama Potret Leonard Woodcock Arthur W. Hummel Jr. Winston Lord James Lilley J. Stapleton Roy Jim Sasser Joseph Prueher Clark T. Randt Jr. Jon Huntsman Jr. Gary Locke Max Baucus Terry Branstad Referensi United States Department of State: Background notes ...