If you go online often and have recently signed up for a website or service, chances are you’ve seen the ability to sign in using your Google, Facebook, Twitter, or even Apple or Microsoft account, among other options.
This article will address this topic, analyzing its advantages and disadvantages.
When was the last time you registered on a website? As active users on the Internet, we are most likely registered in various online services and manage various accounts.
You have probably also noticed that it is increasingly common to be able to register using one of our Google, Facebook, or Twitter accounts, for example.
Instead of having to think of a new username and password each time, we can unify the registration of several services under the same account. This process is known as OAuth or the open authentication standard.
It is used by large companies to allow users to share certain account information with third-party applications or websites. In exchange, users can register without creating a new username and password.
The operation is very simple. When we access a website or service, the application asks us for a way to authenticate ourselves, for example, by using an email and a password.
However, the OAuth standard allows us to directly contact a service like Google or Facebook so that they create an “authentication token,” that is, a kind of confirmation validated by a large company that it is really us.
Many web services still do not allow registration with this mechanism, so we will have to continue registering traditionally: creating a new account with a username, an email, and a password.
What Are Its Advantages and Disadvantages?
Now, the logical thing is that at this point, we question the procedure’s safety; after all, we are sharing certain information from our Google or Facebook accounts with third parties. Let’s see the implications that this type of system has for our security and privacy through its advantages and disadvantages.
Let’s imagine the following scenario:
Our protagonist is a fan of graphic design and has found a website where she can download templates and images free of charge. To access this website, she just needs to register with her email, create a new username, and think of a new strong password for this service.
However, the website allows her to register using her Facebook account, so she decides to use this method. From then on, Facebook is the service she uses to access the website and the one that authenticates that she is who she says she is; meanwhile, the website can access certain public information from her social network profile, but not her password.
In this way, our protagonist will have one less account to worry about and will benefit from many advantages in the security and privacy of her account:
Greater data privacy: When we decide to register on a website but are not convinced by the idea of sharing our bank details, for example, the OAuth authentication method ensures that neither this information nor other personal data from our account is accessible to the website.
In the same way, if the website suffers a cyberattack and the security of its users’ accounts is violated, our account will remain intact, because the website does not store any of our sensitive data on its servers, not even our credentials.
Increased account security: Companies like Facebook, Google, or Twitter have many security measures that allow us to customize the configuration options of our account and, in turn, have many more resources to prevent attacks by cybercriminals on their servers than, for example, a small business website.
Likewise, they incorporate other measures, such as two-step verification, to add an extra layer of security when authenticating us in our account, including an additional element, such as a verification code sent to our mobile device.
More control over the account: As users, we can decide at any time that authentication with Google, Facebook, or whichever service we used should stop being valid and that we no longer want an account on the website or online service; that is, we can revoke the permissions granted to the website from the account settings of the service used.
Similarly, we may limit the amount of information we share with them. How can we do it?
If one account falls, they all fall. If we depend on a single account to use all our services, and this one ends up in the wrong hands, it would jeopardize the security of all the others. As much as we customize security, a very elaborate social engineering attack could make us take the bait and lose all that security.
Access to our personal information: Although this problem can be limited by correctly configuring the security and privacy options of our main service, the website where we have registered will always have access to part of our information, such as the public profile, email, telephone, and, in certain cases, the information of our contacts, visits, and activity, or the ability to publish on our wall or profile.
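The information a website will receive is declared up front in the `scope` parameter of the sign-in link it sends us to, so it can be checked before we approve. The following is an added example, not code from this article or from any provider: the provider and website hostnames, the client ID, and the scope names `contacts.read` and `posts.write` are constructed for illustration, while `openid`, `profile`, and `email` are the standard OpenID Connect identity scopes.

```python
from urllib.parse import urlsplit, parse_qs

# Standard OpenID Connect scopes that only identify the user.
IDENTITY_SCOPES = {"openid", "profile", "email"}

# Constructed sample sign-in links (hostnames, client_id and extra scopes are made up).
MINIMAL = ("https://login.provider.example/authorize?response_type=code"
           "&client_id=templates-site"
           "&redirect_uri=https%3A%2F%2Ftemplates.example%2Fcallback"
           "&scope=openid%20email&state=x7Qp2n")
BROAD = ("https://login.provider.example/authorize?response_type=token"
         "&client_id=templates-site"
         "&redirect_uri=http%3A%2F%2Ftemplates.example%2Fcallback"
         "&scope=openid+profile+contacts.read+posts.write")


def audit_authorization_url(url):
    """Return (scopes, findings) for an OAuth authorization request URL."""
    params = parse_qs(urlsplit(url).query)
    # Scopes travel as one space-delimited list in the "scope" parameter.
    scopes = set(" ".join(params.get("scope", [])).split())
    findings = []

    extra = sorted(scopes - IDENTITY_SCOPES)
    if extra:
        findings.append("requests more than identity: " + ", ".join(extra))
    # This example expects the authorization code flow; a token returned
    # directly in the browser redirect is easier to leak.
    if params.get("response_type") != ["code"]:
        findings.append("not the authorization code flow")
    # "state" ties the provider's answer to the session that started the login.
    if not params.get("state"):
        findings.append("missing state parameter (no CSRF binding)")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and not redirect.startswith("https://"):
        findings.append("redirect_uri is not HTTPS")
    return scopes, findings


if __name__ == "__main__":
    for name, url in (("minimal", MINIMAL), ("broad", BROAD)):
        scopes, findings = audit_authorization_url(url)
        print(name, sorted(scopes), findings or "no findings")
```
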
In conclusion, we can assure you that these authentication standards, such as OAuth, are here to stay due to their multiple advantages, both for the user and for online companies and services. However, as users, we cannot ignore our accounts’ security. We must take a more active role in it, using all the mechanisms and tools available.