As consumers across the globe sprint through what retailers see as “the most wonderful time of the year,” many online businesses now give you the option to sign in using credentials from a social networking site. But how much do you really know about this authentication method?
Admittedly, the first time I was presented with the option to sign in using my Facebook credentials, I was somewhat hesitant. After all, those of us who work in the security industry almost always choose caution when it comes to our credentials.
Today, registering and authenticating via what's called “social sign-in” or “social login” has moved firmly into the mainstream. You can simply click to sign in to a site using your Facebook credentials; it's just so convenient.
The truth is, far too many consumers never take the time to educate themselves on how it works, who offers it, how many people use it, and whether it provides the level of security they need. With the holiday shopping season in full swing, now is the time to get informed.
How Social Sign-in Works
With social sign-in, an online business can add a widget or plug-in for the registration and authentication service from one of many social networking sites to their site. Any visitors to their site can then register or sign in using the same credentials they use to sign in to the social networking site. Because not everyone wants to use social sign-in, most companies also allow users to register or sign in with site-specific credentials.
According to a report from Gigya covering the relative share of social sign-ins from the various players in the space, Facebook accounted for 66 percent of all social sign-ins worldwide in Q2 2015. Google+ was the next highest with only 20 percent. Twitter, Yahoo and LinkedIn trailed with single-digit shares. Interestingly, though not surprisingly, Amazon and PayPal have begun taking a greater share of social sign-ins for e-commerce sites.
You can look at usage from two different perspectives:
- Which age group tends to use social sign-in the most?
- Which device, as indicated by OS, do they use it from most?
As with the adoption of any new technology, the age group that has adopted it most is, of course, Millennials. LoginRadius found that, in the first quarter of last year, 28 to 30 percent of Millennials used social sign-in. Gen Xers, Baby Boomers, and older groups all used the authentication method at the same levels—21 percent.
The data revealed another interesting trend: Windows users use social sign-in the most, though their usage dropped by half (from 85 percent to 40 percent) from 2013 to 2015. Android users' usage increased over that time period (from 2 percent to 25 percent). Apple users remained almost unchanged at around 20 percent usage across the two-year time period.
Security Levels of Social Sign-in
Wikipedia’s entry for social sign-in cites a 2012 report that found major security vulnerabilities in many of the popular social sign-in offerings. It also points out the obvious concern about social sign-in as an authentication method: Social sign-in sets up a situation where a single point of failure in security can lead to far-reaching damage.
That's precisely what occurred for Netflix earlier this year when breaches at social sites led them to inform customers that their data may have been compromised and to ask them to modify their sign-in credentials.
Convenience Versus Security
This brings us to a basic question:
Is the convenience of using social sign-in as an authentication method worth the security risks it introduces?
Of course, it depends on the individual. One important thing to keep in mind is that, when using social sign-in, very often the process gives retailers access to your information and, in some cases, the information of the folks linked to you by the sign-in provider’s company. Specifically, with Facebook, using social sign-in “shares” a portion of your digital consumer identity and that of all of your friends.
In the end, it boils down to what you’re willing to give up for the convenience of social sign-in for your various accounts.
Shop wisely, my friends.
iovation is a leading provider of multifactor authentication and online fraud detection / prevention solutions to help prevent ecommerce fraud, online banking fraud, insurance fraud, account takeover fraud, and other common types of internet fraud.