Sheffield Forum
Your message here

Log in with facebook?

Home > General > Computer & Tech Chat

Reply To Topic
Thread Tools Search this Thread
03-03-2018, 14:16   #1
El Cid
Registered User
Joined: Mar 2013
Location: Wakefield
Total Posts: 8,250
Some sites now offer the option of logging in with facebook or your email. Is it giving more of your personal info if you log-in with facebook?
Its the easier option, I believe they use your current user profile if you have already registered.

Easyroommate prompted this post.
  Reply With Quote
04-03-2018, 09:09   #2
Registered User
Joined: Jan 2005
Total Posts: 5,804
It tells you what information the website is requesting when you want to use the facebook option.
  Reply With Quote
04-03-2018, 11:05   #3
Registered User
steroc's Avatar
Joined: Apr 2011
Total Posts: 988
I believe the ones that ask to log in with Facebook that then open your Facebook app then revert back to the app/page without you having to type any details/password are safe. These use a token based authentication method and no passwords are exchanged.
It’s the ones that actually ask you to input your email and password that aren’t, you are effectively giving them your details to access your account so they can do as they will with it. It’s known as phishing. When you hear of people saying their account has been hacked this is normally what it is. They’ve not been hacked, they’ve unknowingly given their username and password out to an untrusted source.
My DIY Living Room/Cinema and Multi-Room AV Project

Last edited by steroc; 04-03-2018 at 11:15.
  Reply With Quote
04-03-2018, 21:50   #4
Registered User
swarfendor43's Avatar
Joined: Sep 2009
Total Posts: 6,271
Not being on Facebook (nor ever likely to be) I much prefer email with two-step verification.
Oh and never stay logged in - that is asking for trouble in my book. And always easier to select 'Forgot Password' and start over if needs be.

There's more to life than being a data stream!

Last edited by swarfendor43; 04-03-2018 at 21:56.
  Reply With Quote
13-03-2018, 17:33   #5
Registered User
Joined: Jan 2011
Location: Sheffield
Total Posts: 732
In some respects, it's actually better to log in using the '3rd party' logins to websites i.e use Google/Facebook/Twitter/Yahoo etc. - They all use 'Oauth2'/'OpenID Connect' to authenticate and authorize. You'll get the benefits of 2 Factor Authentication from the authorizing party (Google/Facebook/Twitter/Yahoo etc.) so long as you've enabled 2FA with them, and you'll get the added protection of tokenization - this benefits the website that you're interacting with (they don't have to keep a protected SQL database of login details secure - if they get broken into then they just have a hashed single use token) and you, as you'd have less passwords to have to remember.

If you decide that you don't want a certain website/application to be authorized (if you allow authorization rather than just authentication) you can easily De-auth/delete from within your Oauth2/OpenID connect referrer. Any time that you log in using Oauth2/OpenID connect, you are also ensuring a minimum current encryption grade standard with TLS. If you choose to open accounts directly with any website and choose a username/password or email/password authorization, you'll need to check for the 'padlock' and dig into the security page to check the encryption level to see if it's really secure or not. Oauth2/OpenID Connect is pretty secure so long as it is implemented correctly.
  Reply With Quote
Reply To Topic

Thread Tools Search this Thread
Search this Thread:

Advanced Search

All times are GMT +1. The time now is 06:39.
Click "Report Post" under any post which may breach our terms of use.
©2002-2017 Sheffield Forum | Powered by vBulletin ©2018