It’s a win-win, in terms of making users’ lives easier, and reducing security risks. If you have enforced two-factor authentication for your G Suite users (which you really ought to), then this will be required too, giving additional security. A special protocol is used so that the social login provider (in this case, Google) authenticates the user, and then confirms to the web application that the credentials are correct. At no time is the password given to the website, so if the airline site gets hacked, there are no passwords to be exposed and tried elsewhere. Social logins use a secure technology called OpenID Connect, or OIDC. It means users don’t have to create passwords when signing up with web sites and applications. A great solution to this problem is to encourage users to use social logins, like “Login with Google”. A work email address can give a good indication of some sites to target. A well-known technique to compromise user accounts is to take usernames and passwords from a breached website and try them out elsewhere. It's equally common for people to re-use passwords. Or is it? It's pretty common for employees to use their work email address to register with sites like airlines or food-delivery apps. You read all about it, and feel that relief that someone else is dealing with the mess, and it's not affecting you or the IT infrastructure you manage. Millions of emails and passwords have been dumped online. We explain the technology behind ‘social logins’ and explore ways to identify and manage the associated risks.Ī major airline website got hacked. That’s not the full story though - giving users the power to grant access permissions to third party apps is a risky trade-off. Social logins provide user convenience and remove the risks associated with weak or reused passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |