Log in with facebook?

Some sites now offer the option of logging in with facebook or your email. Is it giving more of your personal info if you log-in with facebook?

Its the easier option, I believe they use your current user profile if you have already registered.

Easyroommate prompted this post.

It tells you what information the website is requesting when you want to use the facebook option.

I believe the ones that ask to log in with Facebook that then open your Facebook app then revert back to the app/page without you having to type any details/password are safe. These use a token based authentication method and no passwords are exchanged.

It’s the ones that actually ask you to input your email and password that aren’t, you are effectively giving them your details to access your account so they can do as they will with it. It’s known as phishing. When you hear of people saying their account has been hacked this is normally what it is. They’ve not been hacked, they’ve unknowingly given their username and password out to an untrusted source.

Not being on Facebook (nor ever likely to be) I much prefer email with two-step verification.

Oh and never stay logged in - that is asking for trouble in my book. And always easier to select 'Forgot Password' and start over if needs be.

There's more to life than being a data stream!

https://www.netflix.com/gb/title/80098473

In some respects, it's actually better to log in using the '3rd party' logins to websites i.e use Google/Facebook/Twitter/Yahoo etc. - They all use 'Oauth2'/'OpenID Connect' to authenticate and authorize. You'll get the benefits of 2 Factor Authentication from the authorizing party (Google/Facebook/Twitter/Yahoo etc.) so long as you've enabled 2FA with them, and you'll get the added protection of tokenization - this benefits the website that you're interacting with (they don't have to keep a protected SQL database of login details secure - if they get broken into then they just have a hashed single use token) and you, as you'd have less passwords to have to remember.

If you decide that you don't want a certain website/application to be authorized (if you allow authorization rather than just authentication) you can easily De-auth/delete from within your Oauth2/OpenID connect referrer. Any time that you log in using Oauth2/OpenID connect, you are also ensuring a minimum current encryption grade standard with TLS. If you choose to open accounts directly with any website and choose a username/password or email/password authorization, you'll need to check for the 'padlock' and dig into the security page to check the encryption level to see if it's really secure or not. Oauth2/OpenID Connect is pretty secure so long as it is implemented correctly.