The Center for Consumer Protection in the German state of North Rhine-Westphalia has warned that the Single Sign-on function is dangerous.
Although this convenient function allows the user to simply log in with an account that already exists in one of the popular web services, the German Center advised against using it, arguing that after performing the single sign-on process, companies can collect comprehensive data about the user and know what he is doing on the site in question.
Personal account ads
In addition, companies often receive information from the user’s public account, and this data is more than what is required in the normal login process, and by relying on this information, a personal user account can be created for advertising purposes.
If the password of the account that is used in the single sign-on function falls into the hands of strangers, then a big problem arises, as the third party will be able to access the relevant account with the Internet company, as well as all other pages where this account is used via the login function Single sign-on.
The hackers launched targeted searches to access the accounts that are used as public keys, and the German Center for Consumer Protection stated that the Facebook network announced in early October that the hackers had managed to steal the login data of Facebook users through hundreds of applications.
These fake applications offered the user the option to “Login with Facebook”, so the victims filled out phishing forms, which passed the login data directly to the hackers in order to gain control of the compromised Facebook accounts.
Extensive access rights
Websites or services that are logged in with the single sign-on function can request broad access rights within the account, the user may not be aware of this, but may like spam posts without the user’s desire, such rights are usually listed when setting Single sign-on.
If the user wishes to continue using the single sign-on functionality, however, he must read each provision and revoke some of the access rights, and if he is unable to do so, the only option is not to use the single sign-on functionality of the respective site and cancel the settings.
And the German Consumer Protection Center advised not to use the single sign-on function when wanting to pass as little personal data as possible, and in the event that you do not want to give up the convenience functions, the single sign-on account must be well-secured by using a strong password and activating the two-factor authentication function.