Digital West Blog

Is it safe to use Facebook credentials to login to other websites?

Posted by Sharon Durant on 11/29/16, 11:53 AM

Short answer: No, not really. Here's why:

A recent vulnerability was exposed in the OAuth 2.0 protocol that opened a floodgate of exposed passwords. Chinese researchers examined 600 top U.S. and Chinese Android mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina and support single sign-on for third-party apps. They found that 41.2 percent of the apps they tested were vulnerable to their attack, including popular dating, travel, shopping, hotel booking, finance, chat, music and news apps. The researchers said the apps they tested were downloaded more than 2.4 billion times in aggregate, meaning that more than one billion are vulnerable!

If you use Facebook or Google+ login credentials to sign in to other websites, your password could be susceptible to being hacked. Many popular third-party applications, like online music services, dating websites and financial productivity tools, allow single sign-on via Facebook and Google+, and although this can certainly be convenient for users, it has now left them vulnerable. If you use single sign-on via Facebook for all your third-party applications, you are essentially using the same password across most (if not all) sites you log in to, as well as keeping that password the same for the lifetime of the account.

Best practices suggest that you change your password every 1-3 months, in addition to using different passwords for different sites. Here’s an example: If you use the same password for Facebook as your online banking, personal email and other private websites, but your password gets stolen from one of them, then all of your online accounts could be exposed. We recommend using a third-party tool like LastPass, or using mnemonic devices (phrases that are easy to remember for you but not intuitive for a hacker to guess), for all of your logins.

If you’re running a business and not taking appropriate steps to maintain online security, it's important to take action immediately. If you aren’t sure what steps to take, set up a free consultation with Digital West. We have a team of security experts who can guide you in best practices and set you up for success with industry-leading security tools. Contact us today for a free consultation!

Topics: Security