Social login

Login using a social networking account

Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google, to log in to a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more reliable demographic information to web developers.

How social login works

Social login links accounts from one or more social networking services to a website, typically using either a plug-in or a widget. By selecting the desired social networking service, the user simply uses his or her login for that service to sign on to the website. This, in turn, negates the need for the end user to remember login information for multiple electronic commerce and other websites while providing site owners with uniform demographic information as provided by the social networking service. Many sites which offer social login also offer more traditional online registration for those who either desire it or who do not have an account with a compatible social networking service (and therefore would be precluded from creating an account with the website).

Application

Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user's behalf. Sites using the social login in this manner typically offer social features such as commenting, sharing, reactions and gamification.

While social login can be extended to corporate websites, the majority of social networks and consumer-based identity providers allow self-asserted identities. For this reason, social login is generally not used for strict, highly secure applications such as those in banking or health.

Advantages of social login

Studies have shown that website registration forms are inefficient as many people provide false data, forget their login information for the site or simply decline to register in the first place. A study conducted in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods. Additional benefits:

Targeted Content
Web sites can obtain a profile and social graph data in order to target personalized content to the user. This includes information such as name, email, hometown, interests, activities, and friends. However, this can create issues for privacy, and result in a narrowing of the variety of views and options available on the internet.

Multiple Identities
Users can log into websites with multiple social identities allowing them to better control their online identity.

Registration Data
Many websites use the profile data returned from social login instead of having users manually enter their PII (Personally Identifiable Information) into web forms. This can potentially speed up the registration or sign-up process.

Pre-validated Email
Identity providers who support email such as Google and Yahoo! can return the user's email address to the 3rd party website preventing the user from supplying a fabricated email address during the registration process.

Account linking
Because social login can be used for authentication, many websites allow legacy users to link a pre-existing site account with their social login account without forcing re-registration.

Disadvantages of social login

Utilizing social login through platforms such as Facebook may unintentionally render third-party websites useless within certain libraries, schools, or workplaces which block social networking services for productivity reasons. It can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project", where the third party website may not be actively censored, but is effectively blocked if a user's social login is blocked.

There are several other risks that come with using social login tools. These logins are also a new frontier for fraud and account abuse as attackers use sophisticated means to hack these authentication mechanisms. This can result in an unwanted increase in fraudulent account creations, or worse, attackers successfully stealing social media account credentials from legitimate users. One such way that social media accounts are exploited is when users are enticed to download malicious browser extensions that request read and write permissions on all websites. These users are not aware that later on, typically a week or so after being installed, the extensions will then download some background JavaScript malware from their command and control site to run on the user's browser. From then on, these malware-infected browsers can effectively be controlled remotely. These extensions will then wait until the user logs into a social media or another online account, and using those tokens or credentials will sign up for other online accounts without the rightful user's express permission.

Security

In March 2012, a research paper reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, Sears.com, etc. Because the researchers informed ID providers and the third party websites that relied on the service prior to public announcement of the discovery of the flaws, the vulnerabilities were corrected, and there have been no security breaches reported. This research concludes that the overall security quality of SSO deployments seems worrisome.

Moreover, social logins are often implemented in an insecure way. Users, in this case, have to trust every application which implemented this feature to handle their identifier confidentially.

Furthermore, by placing reliance on an account which is operable on many websites, social login creates a single point of failure, thus considerably augmenting the damage that would be caused were the account to be hacked.

List of providers

Here is a list of services that provide social login features which they encourage other websites to use. Related are federated identity login providers.

Alipay
AOL
Apple
Facebook
Google
KakaoTalk
Line
LinkedIn
Myspace
PayPal
QQ
Sina Weibo
Taobao
Twitter
Vkontakte (ВКонтакте)
WeChat

See also

Single sign-on
Authentication vs. Authorization

References

"Social Login: A Data Capture Game Changer" (accessed 21 December 2011).
Ngemera, Eusebius (2017-01-31). "Social Logins—what info you give away!". eusebius.tech. Retrieved 2017-05-06.
"Integrate Social Networks with your Corporate Website with Social Sign On" - Altimeter Group, September 27, 2010
"Social Media Marketing: Social login or traditional website registration?" MarketingSherpa, January 12, 2012
"The Social Web's Big New Theme for 2011: Multiple Identities for Everyone" - AllThingsD, January 1, 2011
Laurenson, Lydia (3 May 2014). "The Censorship Effect". TechCrunch. Retrieved 27 February 2015.
Safruti, Ido (18 October 2017). "Simple Social Login for Users and Attackers". infosecurity. Retrieved 14 November 2017.
Rui Wang; Shuo Chen & XiaoFeng Wang (May 2012). "Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services".
"OpenID: Vulnerability report, Data confusion" - OpenID Foundation, March 14, 2012
"Social Login Setups – The Good, the Bad and the Ugly" - CloudRail, August 2, 2016

Further reading

"Social Sign-On: What is it and How Does It Benefit Your Web Site?" - Social Technology Review; January 10, 2011
"The Importance of Consumer Identity" - Windows IT Pro, 2/28/2011.
"Pepsi and The X Factor embrace gamification with The Pepsi Sound Off" - VentureBeat; October 18, 2011
