Social login is a form of single sign-on that uses existing information from a social networking service such as Facebook, Twitter or Google to log in to a third-party website, instead of creating a new login account specifically for that website. It is designed to simplify logins for end users and to provide more reliable demographic information to web developers.
Social logins are often considered a gateway to many of the latest trends in social software and social commerce as they can be used as a mechanism for authentication and authorization.
Social login links accounts from one or more social networking services to a website, typically using plug-ins or widgets. By selecting the desired social networking service, the user simply uses their login for that service to sign in to the website. This, in turn, removes the need for end users to remember login information for multiple electronic commerce and other websites, while providing site owners with uniform demographic information as supplied by the social networking service. Many sites that offer social login also offer more traditional online registration for those who prefer it or who do not have an account with a compatible social networking service (and who would otherwise be unable to create an account on the website).
Apps
Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol, commonly used in conjunction with authentication, that grants third-party applications a "session token" allowing them to make API calls to providers on the user's behalf. Sites that use social login in this way usually offer social features such as commenting, sharing, reactions, and gamification.
While social login can be extended to corporate websites, the majority of social networks and consumer-based identity providers allow identities to be self-asserted. For this reason, social login is generally not used for strict, high-security applications such as banking or health.
Research has shown that website registration forms are inefficient because many people provide false data, forget their login information for the site, or simply decline to register in the first place. A study conducted in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods. Additional benefits:
- Targeted content - Websites can obtain profile and social graph data in order to target personalized content to the user. This includes information such as names, emails, hometowns, interests, activities, and friends. However, this can create privacy problems and can narrow the variety of views and options available on the internet.
- Multiple Identities - Users can log in to websites with multiple social identities that allow them to better control their online identity.
- Registration data - Many websites use the profile data returned from social login instead of having users manually enter PII (Personally Identifiable Information) into web forms. This can potentially speed up the registration or sign-up process.
- Validated email - Identity providers that support email, such as Google and Yahoo!, can return the user's email address to the third-party website, which prevents the user from supplying a fake email address during the registration process.
- Linking accounts - Since social login can be used for authentication, many websites allow existing users to link an existing site account with their social login account without forcing re-registration.
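The "Validated email" and "Linking accounts" points above, as an added example (not part of the original article or any provider's code): the checks a relying-party website can apply to the claims of an OpenID Connect ID token before it links a social login to an existing site account. It assumes the token signature has already been verified by a library; `CLIENT_ID`, the issuer URL and all function names are hypothetical.

```python
import time

# Constructed values for illustration; none of them come from the article.
CLIENT_ID = "example-client-id"
TRUSTED_ISSUERS = {"https://idp.example"}

class LoginRejected(Exception):
    """Raised when the ID-token claims fail a relying-party check."""

def check_claims(claims, expected_nonce, now=None):
    """Validate claims; the token signature is assumed to be verified already."""
    now = time.time() if now is None else now
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise LoginRejected("untrusted issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise LoginRejected("token was issued to a different site")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise LoginRejected("token expired")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise LoginRejected("nonce does not match this login attempt")
    if not claims.get("sub"):
        raise LoginRejected("missing subject identifier")

def resolve_account(claims, accounts, links):
    """Return the local account id for a validated login.

    accounts: {account_id: email}; links: {(iss, sub): account_id}
    """
    key = (claims["iss"], claims["sub"])  # stable identity, unlike email
    if key in links:
        return links[key]
    verified = claims.get("email_verified") is True
    email = (claims.get("email") or "").lower()
    if verified and email:
        # Link to an existing account only when the provider vouches for the address.
        for account_id, known in accounts.items():
            if known.lower() == email:
                links[key] = account_id
                return account_id
    # Otherwise create a separate account and store no unverified address.
    account_id = max(accounts, default=0) + 1
    accounts[account_id] = email if verified else ""
    links[key] = account_id
    return account_id

def social_login(claims, expected_nonce, accounts, links, now=None):
    check_claims(claims, expected_nonce, now)
    return resolve_account(claims, accounts, links)
```

Keying the link on the issuer and subject pair, and matching by email only when `email_verified` is true, keeps a login that merely asserts someone else's address from being attached to that person's existing account.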
Using social login through platforms such as Facebook can unintentionally make third-party websites unusable in certain libraries, schools, or workplaces that block social networking services for productivity reasons. It can also cause difficulties in countries with an active censorship regime, such as China and its "Golden Shield Project", where a third-party website may not be actively censored but is effectively blocked if the user's social login is blocked.
There are several other risks that come with using social login. These logins are also a new frontier for fraud and account abuse, because attackers use sophisticated means to compromise the authentication mechanism. This can lead to an unwanted increase in fake account creation or, worse, to attackers stealing social media account credentials from legitimate users. One way that social media accounts are abused is when a user is enticed into installing a malicious browser extension that requests read and write permission on all websites. The user does not realize that later, usually a week or so after installation, the extension will download background JavaScript malware from its command and control site to run in the user's browser. From then on, the malware-infected browser can effectively be controlled remotely. The extension then waits until the user logs in to social media or another online account, and uses that token or credential to sign up for other online accounts without the explicit permission of the legitimate user.
Social login applications that are compatible with many social networking services are available to web developers using blogging platforms such as WordPress. Companies such as Gigya, Janrain, Oneall.com, Lanoba.com, and LoginRadius also provide a single social login solution for web developers. These companies can provide social login access to 20 or more social networking sites.
Security
In March 2012, a research paper reported an extensive study of the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, Farmville, Sears.com, etc. Because the researchers informed the ID providers and the relying party websites before publicly announcing the flaws, the vulnerabilities were corrected and no security breaches were reported. The study concludes that the overall security quality of SSO deployments seems alarming.
In addition, social logins are often implemented in an insecure way. The user, in this case, must trust every application that implements this feature to handle their identity confidentially.
Furthermore, by placing reliance on one account that can be used on many websites, social login creates a single point of failure, greatly increasing the damage that results if that account is hacked.
- AOL
- Disqus
- Foursquare
- Hyves
- LiveJournal
- Myspace
- Paypal
- Plurk
- Telegram
- Renren (人人网)
- Sina Weibo
- Vkontakte (ВКонтакте)
- WordPress
- Yahoo!
- ForgeRock
- Firebase
- Gigya
- Janrain
- LoginRadius
See also
- Single sign-on
- Authentication vs. Authorization
Source of the article : Wikipedia