Jump to content
Classifieds Temporarily Unavailable Read more... ×

Log in with facebook?

Recommended Posts

Some sites now offer the option of logging in with facebook or your email. Is it giving more of your personal info if you log-in with facebook?

Its the easier option, I believe they use your current user profile if you have already registered.

 

Easyroommate prompted this post.

Share this post


Link to post
Share on other sites

It tells you what information the website is requesting when you want to use the facebook option.

Share this post


Link to post
Share on other sites
Posted (edited)

I believe the ones that ask to log in with Facebook that then open your Facebook app then revert back to the app/page without you having to type any details/password are safe. These use a token based authentication method and no passwords are exchanged.

It’s the ones that actually ask you to input your email and password that aren’t, you are effectively giving them your details to access your account so they can do as they will with it. It’s known as phishing. When you hear of people saying their account has been hacked this is normally what it is. They’ve not been hacked, they’ve unknowingly given their username and password out to an untrusted source.

Edited by steroc

Share this post


Link to post
Share on other sites
Posted (edited)

Not being on Facebook (nor ever likely to be) I much prefer email with two-step verification. ;)

Oh and never stay logged in - that is asking for trouble in my book. And always easier to select 'Forgot Password' and start over if needs be.

 

There's more to life than being a data stream! :suspect:

 

https://www.netflix.com/gb/title/80098473

Edited by swarfendor43

Share this post


Link to post
Share on other sites

In some respects, it's actually better to log in using the '3rd party' logins to websites i.e use Google/Facebook/Twitter/Yahoo etc. - They all use 'Oauth2'/'OpenID Connect' to authenticate and authorize. You'll get the benefits of 2 Factor Authentication from the authorizing party (Google/Facebook/Twitter/Yahoo etc.) so long as you've enabled 2FA with them, and you'll get the added protection of tokenization - this benefits the website that you're interacting with (they don't have to keep a protected SQL database of login details secure - if they get broken into then they just have a hashed single use token) and you, as you'd have less passwords to have to remember.

 

If you decide that you don't want a certain website/application to be authorized (if you allow authorization rather than just authentication) you can easily De-auth/delete from within your Oauth2/OpenID connect referrer. Any time that you log in using Oauth2/OpenID connect, you are also ensuring a minimum current encryption grade standard with TLS. If you choose to open accounts directly with any website and choose a username/password or email/password authorization, you'll need to check for the 'padlock' and dig into the security page to check the encryption level to see if it's really secure or not. Oauth2/OpenID Connect is pretty secure so long as it is implemented correctly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.