Using Facebook Login to authenticate to various web sites and services provides the convenience of a single password. From a security standpoint, however, it carries numerous risks. In this article, we present some of the potential privacy and security problems that can arise.
How Does Facebook Login Work?
Signing in with Facebook or another social network in most cases relies on a protocol called OAuth. Authenticating with a web service or site that allows registration and sign-in via OAuth (displaying options such as “Login with Facebook”) follows a set routine. First, the application connects to the social media platform on the user’s behalf. The secure login is done with an exchange token, which gives access to the password-protected area. These tokens do not contain your username or password. Once you log in through your social network, it sends the token to the web service, which allows the login to succeed. This is fairly convenient, as users do not have to remember any username and password combinations: everything is taken from the social network account.
The tokens also manage site permissions. If a site tries to access timeline information without the appropriate privileges, all requests for that action are denied by the social network. To stop an app from being able to use Facebook Login, users can go to their application settings and click on the “Revoke access” option.
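The checks a web service can run on a token before accepting a login, as an added example that is not part of the original article. It assumes the service has already fetched the token's metadata from Facebook's Graph API token-inspection endpoint (debug_token) and uses that response's field names; the app ID, scope allow-list and sample responses are constructed.

```python
# Added example, not from the original article. Field names follow the "data"
# object of Facebook's Graph API debug_token response; the app ID, allow-list
# and sample responses below are constructed for illustration.
import time

OUR_APP_ID = "1234567890"                      # constructed placeholder
ALLOWED_SCOPES = {"public_profile", "email"}   # least privilege for sign-in


def check_token_info(info, now=None):
    """Return a list of problems; an empty list means the login may proceed."""
    now = time.time() if now is None else now
    data = info.get("data") or {}
    problems = []
    if not data.get("is_valid"):
        problems.append("token is not valid (revoked or malformed)")
    # A token minted for some other app must never sign a user in here.
    if str(data.get("app_id")) != OUR_APP_ID:
        problems.append("token was issued to a different app")
    if data.get("expires_at", 0) <= now:
        problems.append("token has expired or carries no expiry")
    if not data.get("user_id"):
        problems.append("token is not bound to a user")
    # Permissions beyond what sign-in needs are flagged, not silently accepted.
    extra = set(data.get("scopes", [])) - ALLOWED_SCOPES
    if extra:
        problems.append("unexpected permissions: " + ", ".join(sorted(extra)))
    return problems


NOW = 1_700_000_000  # fixed clock so the constructed samples are reproducible


def sample(**overrides):
    """Build a constructed token-inspection response, overriding some fields."""
    data = {"app_id": OUR_APP_ID, "is_valid": True, "user_id": "42",
            "expires_at": NOW + 3600, "scopes": ["public_profile", "email"]}
    data.update(overrides)
    return {"data": data}


SAMPLES = {
    "good": sample(),
    "other_app": sample(app_id="999"),
    "over_scoped": sample(scopes=["email", "user_posts", "user_friends"]),
    "revoked": sample(is_valid=False),
}

if __name__ == "__main__":
    for name, info in SAMPLES.items():
        print(name, "->", check_token_info(info, now=NOW) or "OK")
```

A revoked token is reported as invalid by the inspection response, which is how the “Revoke access” action described above reaches the web service.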
Security Implications of Facebook Login
Facebook Login may be convenient for most users; however, there are security risks associated with it. Users are advised to carefully review the permissions they grant to third-party web services when registering. In many cases, this can prevent data harvesting and other malicious activity directed at them. There have been numerous reports of phishing sites and services that imitate legitimate companies and use Facebook Login to obtain broad permissions when the user registers.
Clicking the “Like” buttons on various web sites gives out the account's public information to the webmasters. Several experiments have proven that this information can be used to study groups, social behavior, and other personality information.
Malware that hijacks Facebook and Google sessions has attempted to abuse the service with varying success through the years. Security issues can often be found in browser extensions as well. Experts advise all computer users to carefully review the sites that they log in to through social networks to better protect themselves against phishing threats.