Post by: James Frew | Make Use Of | Published on: 09/27/2016
Over the summer, Pokemon Go became one of the most successful mobile games of all time. You may have seen some of the alarming stories that the game required full Google account access, potentially allowing its developer to see and modify everything in your account.
It seems the problem was overblown and that Niantic was using an old version of Google’s shared sign-on service. They had never accessed more than your name and email address.
Once a fix was rolled out, everyone moved on. Despite scaring everybody, it did make people pay attention to what data they give away when using social logins.
What Are Social Logins?
You’ve probably seen the buttons before. You try to log in to a website and are presented with a collection of buttons that say “Login with…”
When you use one of those magical buttons, you log in with an identity you have created on another site. This saves you from having to create yet another password for the new site.
There are two standards that make it easy for your favorite websites to add social login: OAuth and OpenID. OAuth allows you to authorize apps and websites to access your data from another website, whereas OpenID allows you to identify yourself to an app or website.
Google: What’s Connected?
Google holds an incredibly large amount of personal data, especially if you use their integrated services on an Android phone. Rogue apps can be a huge danger here, so it’s vital you protect your primary account.
After browsing the list of connected apps in Google’s Security settings, review what permissions each app has been granted. You can then remove any unused or suspicious-looking apps.
Facebook: What’s Connected?
Despite the widely held view that Facebook doesn’t value your privacy, they actually give you the most options. Facebook lists the apps connected to your account, and you can edit which permissions you grant, even after first connection.
If you’ve been using Login With Facebook for a while, it’s a good idea to check that you are happy with the apps and the permissions they have.
Twitter: What’s Connected?
Unlike Facebook, Twitter doesn’t let you go back and change which permissions each app has. You can, however, Revoke Access for any apps you don’t want connected to your account.
Why Would You Want to Use Social Login?
Signing in with an OAuth provider gives the app an “access token” that grants it access to the information you approved. This allows you to edit permissions when you log in and potentially whenever you want in your account settings.
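If you want to see what an app is asking for before you approve it, the address of the provider's consent page lists the requested permissions in its `scope` parameter. The Python sketch below is an added example, not part of the original article: it splits those scopes into identity-only ones (name, email, basic profile) and anything broader. The sample URLs, the placeholder client ID and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes that only identify you (name, email, basic profile). "openid", "email"
# and "profile" are the standard OpenID Connect scopes; the two URLs are
# Google's long-form equivalents.
IDENTITY_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

def audit_login_request(url):
    """Split the scopes in an OAuth authorization URL into (identity, extra)."""
    params = parse_qs(urlsplit(url).query)  # also decodes %20 and '+' to spaces
    # OAuth 2.0 defines "scope" as a space-delimited list; some providers
    # use commas instead, so accept both separators.
    raw = " ".join(params.get("scope", []))
    scopes = set(raw.replace(",", " ").split())
    identity = sorted(scopes & IDENTITY_SCOPES)
    extra = sorted(scopes - IDENTITY_SCOPES)
    return identity, extra

def verdict(url):
    """One-line summary suitable for a quick manual review."""
    identity, extra = audit_login_request(url)
    if not identity and not extra:
        return "no scope listed: the provider's defaults apply, check the consent screen"
    if extra:
        return "asks for more than identity: " + ", ".join(extra)
    return "identity only: " + ", ".join(identity)

# Constructed sample URLs (placeholder client ID and redirect address).
SAMPLE_MINIMAL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&response_type=code"
    "&scope=openid%20email%20profile"
)
SAMPLE_BROAD = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&response_type=code"
    "&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive"
)

if __name__ == "__main__":
    for sample in (SAMPLE_MINIMAL, SAMPLE_BROAD):
        print(verdict(sample))
```

Anything reported as more than identity is worth a second look on the consent screen, and again later in the provider's connected-apps list.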
What About Your Privacy?
As the saying goes — if it’s free then you are the product. To get the speed and convenience of the improved login you do trade some amount of your data.
You should be aware that your provider will be tracking every site you use with their login. They won’t know what you do on that site, but they’ll know you were there.
Check Permissions With MyPermissions
I found that using the MyPermissions website was the best way to analyze the social accounts. Meanwhile, the mobile app was great at analyzing permissions granted to installed apps.
Don’t Get Hooked by Phishing
This may mean your login information is compromised, allowing the hacker full access to your accounts. This becomes even more of a problem if you’ve used the same password on many sites. Phishing is becoming increasingly complex but you can learn to spot a potential attack.
Beware the Single Point of Failure
Using two-factor authentication is one of the best ways to protect your accounts against a single point of failure (SPF). Many sites also allow you to create a local website password in addition to your social login. This means that you can disconnect the affected account after logging in with your email and password instead.
Delve Into the Details
Sometimes it’s easier just to stick to email and create secure passwords and store them in a password manager. No need to worry about remembering hundreds of passwords, and then you avoid some of the pitfalls of social logins.
Reference Article: http://www.makeuseof.com/tag/using-social-login-take-steps-secure-accounts/