Sheffield Forum

Log in with facebook?

Home > General > Computer & Tech Chat

Reply To Topic
 
Thread Tools Search this Thread
03-03-2018, 14:16   #1
El Cid
Registered User
 
Joined: Mar 2013
Location: Wakefield
Total Posts: 8,005
Some sites now offer the option of logging in with facebook or your email. Is it giving more of your personal info if you log-in with facebook?
Its the easier option, I believe they use your current user profile if you have already registered.

Easyroommate prompted this post.
  Reply With Quote
04-03-2018, 09:09   #2
probedb
Registered User
 
Joined: Jan 2005
Total Posts: 5,781
It tells you what information the website is requesting when you want to use the facebook option.
  Reply With Quote
04-03-2018, 11:05   #3
steroc
Registered User
steroc's Avatar
 
Joined: Apr 2011
Total Posts: 983
I believe the ones that ask to log in with Facebook that then open your Facebook app then revert back to the app/page without you having to type any details/password are safe. These use a token based authentication method and no passwords are exchanged.
It’s the ones that actually ask you to input your email and password that aren’t, you are effectively giving them your details to access your account so they can do as they will with it. It’s known as phishing. When you hear of people saying their account has been hacked this is normally what it is. They’ve not been hacked, they’ve unknowingly given their username and password out to an untrusted source.
_______
My DIY Living Room/Cinema and Multi-Room AV Project
https://www.avforums.com/index.php?t...oject.1999379/

Last edited by steroc; 04-03-2018 at 11:15.
  Reply With Quote
04-03-2018, 21:50   #4
swarfendor43
Registered User
swarfendor43's Avatar
 
Joined: Sep 2009
Total Posts: 6,197
Not being on Facebook (nor ever likely to be) I much prefer email with two-step verification.
Oh and never stay logged in - that is asking for trouble in my book. And always easier to select 'Forgot Password' and start over if needs be.

There's more to life than being a data stream!

https://www.netflix.com/gb/title/80098473

Last edited by swarfendor43; 04-03-2018 at 21:56.
  Reply With Quote
13-03-2018, 17:33   #5
ShefStealth
Registered User
 
Joined: Jan 2011
Location: Sheffield
Total Posts: 732
In some respects, it's actually better to log in using the '3rd party' logins to websites i.e use Google/Facebook/Twitter/Yahoo etc. - They all use 'Oauth2'/'OpenID Connect' to authenticate and authorize. You'll get the benefits of 2 Factor Authentication from the authorizing party (Google/Facebook/Twitter/Yahoo etc.) so long as you've enabled 2FA with them, and you'll get the added protection of tokenization - this benefits the website that you're interacting with (they don't have to keep a protected SQL database of login details secure - if they get broken into then they just have a hashed single use token) and you, as you'd have less passwords to have to remember.

If you decide that you don't want a certain website/application to be authorized (if you allow authorization rather than just authentication) you can easily De-auth/delete from within your Oauth2/OpenID connect referrer. Any time that you log in using Oauth2/OpenID connect, you are also ensuring a minimum current encryption grade standard with TLS. If you choose to open accounts directly with any website and choose a username/password or email/password authorization, you'll need to check for the 'padlock' and dig into the security page to check the encryption level to see if it's really secure or not. Oauth2/OpenID Connect is pretty secure so long as it is implemented correctly.
  Reply With Quote
Reply To Topic

Thread Tools Search this Thread
Search this Thread:

Advanced Search



All times are GMT +1. The time now is 16:29.
POSTS ON THIS FORUM ARE NOT ACTIVELY MONITORED
Click "Report Post" under any post which may breach our terms of use.
©2002-2017 Sheffield Forum | Powered by vBulletin ©2018