Social Login, or Social Sign-in, can be described as a type of Single Sign-On solution for end users. It allows users to log in to third-party websites using existing login credentials from social network providers such as Facebook, LinkedIn, or Google, thereby simplifying the registration process for protected areas. The social network providers act as identity providers and make the user identities stored with them available to the connected services.
If a user wants to access a protected area of a website or app and the portal operator offers social logins, the user selects their preferred social network. The website/app connects to the social network via a widget or plug-in, and the social network provider receives a login request. The user is asked to confirm the connection to the site and enter their login details.
In the next step, the user must approve the access permissions that the app or website receives. After the social network provider confirms the user’s identity, the user is granted access to the protected area.
The exchange of information between individual providers (social networks and third-party websites) is governed by standards such as OpenID Connect (OIDC) or OAuth.
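The two browser-facing steps of this flow, seen from the website's side, as an added example that is not code from this page or from any provider: it builds an OpenID Connect authorization-code request that asks only for the `openid` and `email` scopes, then checks that the provider's redirect back belongs to the same login attempt. The endpoint, client ID, redirect URI and the `session` dictionary are hypothetical placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical placeholders: a real portal takes these from its provider registration.
AUTHORIZATION_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://portal.example/callback"


def build_login_request(session):
    """Return the URL the browser is redirected to at the social network."""
    session["state"] = secrets.token_urlsafe(32)  # ties the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)  # later compared with the ID token's nonce
    params = {
        "response_type": "code",        # authorization code flow
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",        # request only what the portal needs
        "state": session["state"],
        "nonce": session["nonce"],
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate the provider's redirect and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:                # for example, the user declined consent
        raise PermissionError(query["error"][0])
    expected = session.pop("state", None)  # single use: a replayed callback fails
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code  # next step: exchanged server-to-server for tokens


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    print(build_login_request(session))
    # Constructed callback, as the provider would send it after user consent.
    callback = REDIRECT_URI + "?" + urlencode({"code": "sample-code", "state": session["state"]})
    print(handle_callback(session, callback))
```

The returned code is not yet proof of identity: the portal still has to exchange it at the provider's token endpoint and verify the ID token, including the stored nonce.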
Advantages of Social Login
- Users themselves do not need to create a new account and do not need to think of and remember another password.
- For companies that offer their users social login as an authentication method, this means an increased number of registrations and a lower abandonment rate.
- Portal operators who only offer social login still have to take care of setting up databases, but they don’t have to worry about storing passwords or implementing a password reset function.
- Portal operators gain valuable information through access to social media profiles, enabling them to target users more effectively and use the data for personalized marketing. In addition, the risk of fake accounts is reduced.
Disadvantages of Social Login
- When logging in via social media, more information may be disclosed than desired. This could include friend lists, e-mail addresses, or sometimes even entire social media profiles. It is therefore important to always check carefully what information is being shared.
- If your social media account is hacked, attackers can also access the connected services. You should therefore always use secure and unique passwords and, if available, two-factor or multi-factor authentication.
- If your preferred social network goes down, this can affect access to the connected services.
In addition, you should regularly check the apps and websites that have access to your social media account and remove any unused or suspicious sites.