Security News & Best Practices

Get the scoop on the latest security threats and how to protect yourself

Is it Safe to Sign into Websites with Your Social Media Account?

You have probably seen the buttons on multiple sites, instructing you to sign in with Facebook, Google, LinkedIn or another social media account of your choice. These sign-in options definitely have some advantages.

Most notably, if you already use at least one of the options, you can save time that you would have otherwise spent setting up a separate account based on your email address. This route saves you time, plus you don’t have to deal with account sprawl, which can take a toll as you try to keep up with different logins and ensure the security of the password for each one.

But are there are also drawbacks to the ubiquitous social sign-in? In theory, a proper connection to your social account is probably safer than manually setting up a new set of login credentials. However, there are risks that you should be aware of as well:

Letting a rogue service access your data

There was a short-lived phishing scam involving Google Docs in May 2017. The linchpin of this scheme was a blink-and-you’ll-miss-it approval request, which is standard when an application asks to access your Google account. In this case, the requester was a fraudulent service, designed to harvest details such as password reset questions, contacts and emails by pretending to be Google Drive.

Always read the fine print of what an application wants access to. Even legitimate services may prompt you for more extensive permissions – e.g., knowing your location at all times, as well as being able to use your phone’s microphone – than you might be comfortable approving.

If you are not using them, turn off the Wi-Fi and Bluetooth on your mobile device so that you limit the amount of tracking you may have unknowingly agreed to. A further step is to revoke the permissions altogether, which can usually be done from the main settings page of the social account in question, where you should be able to view all the external applications that have been connected to your data.

Twitter.Social media accounts such as Twitter are commonly used for universal sign-in.

Putting your data up for sale

Linking a social media account to a news or shopping site can expose more of your data to Google, Facebook, et al. For example, say you log into an e-commerce portal with Facebook. Everything you do there – from clicking on something that looks interesting, to actually purchasing an item – could be combined with your pre-existing Facebook data to create a comprehensive profile of your online behavior.

Plus, the privacy policies of the social networks you use for logging in might stipulate that such data is for sale to third-parties. If you were ever curious about why you get so much spam in your email or why certain advertisements follow you around the web, then this common form of data exchange helps explain the situation.

“Privacy policies might stipulate that your data is for sale to third-parties.”

Another potential concern about this free flow of information between accounts is how it can affect your online security. Specific details skimmed from your social media account – such as where you went to high school or the names of your relatives – may double as answers to the security questions that are widely used as an extra layer of protection beyond the usual username/password combo.

Stay safe with an internet security suite

Fortunately, you can limit your exposure to possible issues with social sign-in through a combination of careful vigilance and technical tools. Unlimited Internet Security from Total Defense offers a secure private data vault to protect your identity, along with robust antivirus capabilities that do not hinder system performance. Learn more by visiting the product overview page.