Why You Should Stop Using the "Sign-in With Facebook (Google etc.)" Option for Accounts

The number of passwords that people have to keep up with continues to increase each year. There are accounts for work applications and personal accounts like online banking. Using retail sites also introduces a whole new slew of account passwords you need to make.

We juggle an average of 100 different passwords for various account logins now. That volume of passwords leads to users reusing passwords, using easy-to-guess passwords, and storing passwords in an unsecured manner.

With most companies moving much of their data and processes to the cloud since the pandemic, password breaches have become a major threat to data security.

One way that people try to cut down on the number of new passwords they need is to use their Google, Facebook, Apple, or another major account to create a new account with a 3rd party site.

Sites like Zoom, eBay, and many others allow you to use a “sign-in with…” option instead of creating a unique login credential for their site.

This often takes less time to get started, especially if you’re already signed into the service. Once you’ve connected the 3rd party account to your Google or Facebook ID, you then will be served up that FB or Google login page anytime you want to access that specific site.

This sounds like a great way to reduce the number of passwords you use, but is it a good idea?

It turns out that there are a lot of risks involved when you connect 3rd party accounts to your FB or Google login. So, while it may be convenient, it can also be a worse option than just creating a unique account with a site. Here’s why.

The Data Shared Can Be More Than You Think

When you connect 3rd party accounts to your Google or Facebook account, you’re sharing data between them. This means that accounts like Uber can tap into your Google Wallet, and task sites like Doodle can read your calendar. 

Setting up your Trip Advisor account with Facebook will expose your Friends List, with the 3rd party site using it to tap into your friends’ travel details and reviews.

One trick these services use to lull you into a false sense of security is to initially only ask for permission to share a little data, like your email address and profile information. But then, over time, you’ll get additional prompts to share more data until you end up exposing more than you realize.

One Breach Exposes Multiple Accounts

One of the cardinal rules of good password security is to make unique passwords for all your accounts. When you sign in to other sites with your FB or Google login, you’re breaking that rule.

You’re effectively relying on that one password for all the sites you connect, leaving them all at a higher risk of being breached.

If a hacker gains access to your Facebook or Google account, then they have the keys to unlock other connected accounts as well. And it’s not hard for them to know what they are because they’re listed in the settings of the main account under an area that shows app access.

Downtime Can Impact Your Access

You create a single point of failure when you use your Google or FB account as the authentication process for 3rd party sites. Should one of those major sites go down, you can no longer authenticate to get into other connected accounts.

In early October, Facebook was down for nearly 6 hours due to a network connection issue. This meant that millions of users could not get into their Facebook accounts nearly all day. But those who had used “Sign-in with Facebook” to set up other accounts were also locked out of those accounts.

All cloud providers can go down and have outages that last hours. Having 3rd party sites rely on your FB or Google ID is setting yourself up for a major account lockout not if, but when, one of them goes down.

It Can Be Harder to Personalize Profile Details

When you use your Google or FB ID to set up an account on another site, your details like email address, phone number, and profile photo are usually shared with the 3rd party site. That site may not even have a way for you to change your profile photo and is just syncing the one in your Google or Facebook account.

That connection can make it difficult to change profile details in the 3rd party site if you want them to be different than the ones in your FB or Google account.
