Use Social Login At Your Own Risk
By Ori
Eisen, Trusona
There’s a reason why social media profiles have become a popular means of logging in across the Internet. As recently as 2015, we saw more than 58 million logins using social media credentials across 700+ other apps and services. I can’t take credit for even a single instance, but I certainly understand why the numbers are so high.
It’s all about convenience. It’s why so many of us use our credentials on Facebook (which has the lion’s share), alongside Twitter, Google and also Yahoo to log in to other applications — and why so many retailers offer that service to get customers registered on their sites.
Is There An End In Sight?
I’m convinced if there were to be a moment to reconsider our willingness to trust Facebook enough to share credentials with other sites, it would be happening now. If headlines about Cambridge Analytica gaining access to private data on millions of Facebook users didn’t call that into question, Facebook’s quarterly report stating that Cambridge Analytica isn’t alone and that they expect to “discover and announce additional incidents of misuse of user data or other undesirable activity by third parties,” certainly should.But if my recent informal survey of colleagues, friends and family is any indication, I’m completely wrong. The practice of using social logins hasn’t taken even the slightest of hits, which means we’ll continue to see the most popular online sites — starting with social media, but now including companies like PayPal and Amazon — be the means by which many access other online services.
If people continue to use them, retailers will continue to offer them. And while it may be convenient for retailers to outsource this service, it’s hardly in their best interest (nor their customers’) to do so.
Convenience Can’t Trump Security
Social login is the epitome of convenience. Among the benefits are simplifying web and mobile registration, eliminating the need to remember another new username and password friction, and offering the ability to use stored payment information. That first one, in particular, is not small potatoes when you think about customer acquisition. It turns out that creating a new account can be incredibly taxing for users and can turn them off from a site entirely. (A 2014 Business Insider study found that 28% of consumers abandoned a purchase because they didn’t want to create an account. It’s also why so many brands now offer “guest checkout” options.)
But what do retailers put at risk in relying on another company for customers to gain access to their site? Giving a third party control over such an important part of your business is a risky move. Do you really trust another company to create, maintain and care for your users’ identity as you would — and what will they do with that personal data? Not to mention, if they suffer an outage with their servers or decide to change their terms of service, your users will be cut off from your service. Or if a customer decides to cancel their social media accounts, they’ve also cancelled theirs with you, too.
Protect Your Customers
Using social login, specifically Facebook, may also carry added security risks, according to new research from Princeton published recently.
New research suggests you’re not just granting permission to Facebook. According to WIRED, researchers found that when users grant permission for a web site to access their Facebook profile, third-party trackers embedded on the site accessed that data, too — ranging from a user’s name and email address to age, birthday and other information, depending on what information the original site requested to access.
When you jeopardize the trust you’ve worked so hard to build with your customers, it’s tough to regain that footing. When you hear brand names like Experian, Yahoo or even Target, they’re inextricably linked to security fiascos. And while large corporations can handle the fallout and pay off the legal fees associated, not all companies are so lucky. Scrutinizing and vetting the kinds of companies you partner with and trust with customer data reflects more than just your views on security.
First Impressions Matter
Let’s talk about real estate for a moment. As MailChimp so bluntly put it, who wants their app to be veritable advertisements for social media brands?
In many fields, the login page is a company’s first impression, the small period when a person first makes up his or her mind to learn more or close the tab. We’ve all become extremely selective online, sparing maybe a few seconds for something before jumping ship. For retail brands, these precious few seconds are essential to making a good impression and gaining a customer. With people only capable of absorbing so much information at once, why offer up a cluttered page that potentially overwhelms?
Research shows that first impressions online are 94% design-related and that judgments on a web site’s credibility are based significantly on aesthetics. And while in many ways, it’s true that a home page makes or breaks a customer’s experience, the act of creating an account or logging in — when you’re formally building that relationship with a brand — is a very close second.
The short version? Use social login at your own risk.
Ori Eisen is founder and CEO and of identity authentication technology company Trusona. He has spent the last two decades building technology to fight online crime and to secure the Internet, previously founding fraud prevention and detection technology company 41st Parameter, as well as serving as worldwide fraud director for American Express.