As the Social media platform is used widespread, the function to use social logins into websites/apps are becoming the norm as it saves a lot of time than creating an individual account.
How does social logins work?
There are three main players involved in a social login process:
- The User (that’s you!) requesting access to an app or site
- The App or site that the user wants to access
- The Authorizer that confirms your identity and controls access to your data (Facebook, Google, etc.)
A typical social login happens like this:
- The User hits the “Log in with ____” button.
- The App opens a link asking the User to log in to the Authorizer’s site. The link contains information telling the Authorizer which site is making the request.
- The User enters their username and password into the Authorizer’s site, meaning the App never sees your information.
- The Authorizer generates a one-time-use code and sends it to the App.
- The App then sends this code to the Authorizer with a request for access to the Authorizer’s API.
- The Authorizer validates the code and issues the App a token (usually with a time limit) that allows the App to ask the Authorizer for certain user information.
As the user is using mainly secured platforms to login, this alone will keep prying eyes from retrieving your information. These companies prioritise over security and if there is an upcoming issue they will release an update to overcome this. Also by using only one login for all apps/websites means that you don’t have to create multiple passwords causing you to forget these, if you have many.
Privacy issues have been a hot topic especially with companies like Facebook harvesting your data to force your decisions on political and other campaigns. Recently this privacy issue has come to light as now we’re seeing a lot more privacy settings giving you more control on how your data is captured and used. As social logins are a simple way to connect and much faster to sign up with, they will capture some data for example; how often you use and what you use your apps for. If this is something that you would not like to share then I would stay away and just use your email as verification.
There’s another way
Apple have recently released their long awaited ios13 update for the majority of iPhones and iPads. A new feature within this is the ability to sign into website/apps with ‘apple sign in’.
The great advantage with this is that if you don’t want to use your own email, apple will create a temporary one and all emails from the 3rd party’s will be forwarded to your iCloud email. The website and app companies will not know your real email address.
Should you use them
If privacy is very important to you then the obvious answer is a big NO! however with apple launching its new way of signing in, it seems to be a no brainer. Unfortunately many web/app developers have not built this in so you will probably not come across this function anytime soon. All web/app developers have to enable this function by April 2020.
- on September 25, 2019