Multiple Logins The Bane of Modern Online Life
In our online lives today, it seems like every time you turn around, you are required to sign in to something, create an account for something to use their services. Every app seems to require its specific login.
Google and Facebook offer services that can provide many of these apps with your information — they are passing your verified Facebook or Google login credentials on to the app company. To me, it feels like the fly in the spider web. Is this a convenience or are there drawbacks we might not have considered. Have you ever known Google or Facebook to be altruistic?
The Concept of Single Sign-On (SSO)
What is Single sign-on (SSO)? It is a service that users can use to access multiple programs or apps. They enter only one login, one username, and one password and that means you no longer have to remember thousands of different login names and passwords. It also negates the problem of using the same login information on every site. It can be a time-saver, but it also comes with risks that you may not have considered.
Provider as the Repository
For instance, if you choose Google as your preferred login authenticator when you download an app and go to the create a login you can select use my Google login. Google’s SSO policy server then authenticates your access privileges in its user director and then provides your information to the application, and you are all set. But do you trust Google?
Is it worth the Risk
Do you know what you agree to when using one of these providers SSO service? Each of these come with their own rules and exceptions, and you should take the time to read them before blindly using their services.
How secure is your information with Google? Is it possible for a hacker to gain access to this policy server? If they did, they could get into every application you accessed using Googles SSO service. You are placing all your trust in Google to protect your information.
How much information do you want Google to have? By using their SSO service you have now let them know everywhere, you have accounts and what you do on those applications.
Apple announced at last weeks Worldwide Developers Conference its proprietary single sign-on (SSO) service that would be a more secure direct competitor to Facebook and Google.
One goal of this system is to reduce the amount of data collection that is allowed by applications only providing them minimal information and keeping the rest of it quarantined within Apple. That way, your data cannot be widely used for other purposes.
It may seem rather strange for Apple to be entering into this fray, but I think they have a security mindset not present in these other large tech entities.
Individual Logins and Password Managers
While the Apple SSO is a significant improvement and much preferable to the offerings by Google or Facebook
My preference is to use a Password management system and create unique logins and strong passwords for every account, for every website and every application, and they are all secured by a single master password.
I use 1Password, which can generate unique passwords and save them for every account. By using this system, you have reduced the chance of your accounts being taken over. They may get one, but they can’t get the others because they’re all unique.