Social login

Social login, also known as social sign-in, is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+, to sign into a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more and more reliable demographic information to web developers.[1]

Social login is often considered a gateway to many of the recent trends in social software and social commerce because it can be used as a mechanism for both authentication and authorization.

How social login works

Social login links logins to one or more social networking services to a website, typically using either a plug-in or a widget. By selecting the desired social networking service, the user simply uses his or her login for that services to sign on to the web site. This in turn negates the need for the end user to remember login information for multiple electronic commerce and other websites while providing site owners with uniform demographic information as provided by the social networking service. Many sites which offer social login also offer more traditional online registration for those who either desire it or who do not have an account with a compatible social networking service (and therefore would be precluded from creating an account with the website).

Application

Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user’s behalf. Sites using social login in this manner typically offer social features such as commenting, sharing, reactions and gamification.

While social login can be extended to corporate websites,[2] the majority of social networks and consumer-based identity providers allow self-asserted identities. For this reason, social login is generally not used for strict, highly secure applications such as those in banking or health.

Advantages of social login

Studies have shown that web site registration forms are inefficient as many people provide false data, forget their login information for the site or simply decline to register in the first place. A study conducted during in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods.[3] Additional benefits:

Disadvantages of social login

Utilizing social login through platforms such as Facebook may unintentionally render third party websites useless within certain libraries, schools, or workplaces which block social networking services for productivity reasons. It can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project," where the third party website may not be actively censored, but is effectively blocked if a user's social login is blocked.[5]

Aggregating social login

Social login applications compatible with many social networking services are available to web developers using blogging platforms such as WordPress. Companies such as Gigya, Janrain, Oneall.com, Lanoba.com and Loginradius also provide single solution social login services for web developers. These companies can provide social login access to 20 or more social network sites.[6]

Security

In March, 2012, a research paper[7] reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, Sears.com, etc. Because the researchers informed ID providers and relying party websites prior to public announcement of the discovery of the flaws, the vulnerabilities were corrected, and there have been no security breaches reported.[8] This research concludes that the overall security quality of SSO deployments seems worrisome.

Moreover, social logins are often implemented in an insecure way. Users in this case have to trust every application which implemented this feature to handle their identifier confidentially. [9]

Furthermore, by placing reliance on an account which is operable on many websites, social login creates a single point of failure, thus considerably augmenting the damage that would be caused were the account to be hacked.

List of common social networking services using social login

List of social login providers

See also

References

Further reading

This article is issued from Wikipedia - version of the 11/20/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.