Social Sign On: Beware

A new method of signing on to Internet accounts from your computer is called social sign on. It involves using your existing social networking (Facebook or Twitter) account to sign on to retail shopping and government services accounts. The objective is ease of use. Retailers and other service organizations don’t want you to have to do a time-consuming password reset when you forget your password when signing on to their networks. The thinking here is that if you are signing on to a retail site to buy an item and you don’t remember your password, then rather than go through the password reset process of waiting for an email to get a link to a password reset page, you’d probably just sign on to another retailer’s website instead.

This line of thinking by the retailers is based on their belief that their customers, current and future, have too many passwords to remember. These retailers also know that password managers are not used properly by these same customers, so that solution is not working well.

Facebook and Twitter have increased their number of accounts tremendously since introducing other websites to the use of social sign on and encouraging them to offer it to their customers.

The bottom line here is that social sign on is another example of how Internet users will opt for convenience over security…just about every time.

Social sign on may be a great convenience to Internet computer users, and it might even be an answer to remembering (or not) up to 40 passwords per person. However, from an Internet security point of view, it’s a disaster waiting to happen.

First, it flies in the face of the security practice of not using the same password for multiple accounts. If Facebook or Twitter is successfully attacked and your password and login are stolen, they can be used for all the accounts for which you use social sign on. This vulnerability can also be attributed to cloud-based password manager apps…but that’s a subject for another article.

Facebook and Twitter are already targets of cyber crime organizations for many reasons; see Target: Social Networking Sites and Trojan stole over 16,000 Facebook credentials. But they’ll quickly become a new crime “industry” if a cyber attack on them will produce multiple retail account access for every member who uses social sign on. These retail accounts are a virtual goldmine for the crooks. They usually provide access to your credit and debit card information, the ability to fraudulently purchase using your credit/debit cards, and enough personal information to steal your identity.

My advice is to not use social sign on with any Internet website…period.

Reference: The Guardian article

Be very careful…it’s dangerous out there.

Please comment on this article; we all learn from each other when our views and opinions are shared.

I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.

Remember, personal computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulsinternetsecurity(at)yahoo.com

I’m also on Twitter, @PaulsInternet.

Images courtesy of FreeDigitalPhotos.net and FreeByte.com
