Social login

This is an old revision of this page, as edited by Katiek648 (talk | contribs) at 21:14, 12 June 2012 (→Security). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 21:14, 12 June 2012 by Katiek648 (talk | contribs) (→Security)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Social login, also known as social sign-in, is a form of single sign-on using existing login information from a social networking service such as Facebook or Twitter to sign into a third party website in lieu of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more and more reliable demographic information to web developers.

Social login is often considered a gateway to many of the recent trends in social software and social commerce because it can be used as a mechanism for both authentication and authorization.

How social login works

Social login links logins to one or more social networking services to a website, typically using either a plug-in or a widget. By selecting the desired social networking service, the user simply uses his or her login for that services to sign on to the web site. This in turn negates the need for the end user to remember login information for multiple electronic commerce and other websites while providing site owners with uniform demographic information as provided by the social networking service. Many sites which offer social login also offer more traditional online registration for those who desire it.

Application

Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user’s behalf. Sites using social login in this manner typically offer social features such as commenting, sharing, reactions and gamification.

While social login can be extended to corporate websites, the majority of social networks and consumer-based identity providers allow self-asserted identities. For this reason, social login is generally not used for strict, highly secure applications such those in banking or health.

Advantages of social login

Studies have shown that web site registration forms are inefficient as many people provide false data, forget their login information for the site or simply decline to register in the first place. A study conducted during in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods.. Additional benefits:

Targeted Content - Websites can obtain a profile and social graph data in order to target personalized content to the user. This includes information such as name, email, hometown, interests, activities and friends.

Multiple Identities - Users can login to websites with multiple social identities allowing them to better control their online identity.

Registration Data - Many websites use the profile data returned from social login instead of having users manually enter their PII (Personally Identifiable Information) into web forms. This can potentially speed up the registration or sign-up process.

Pre-Validated Email - Identity providers who support email such as Google and Yahoo! can return the user’s email address to the 3rd party website preventing the user from supplying a fabricated email address during the registration process.

Account linking - Because social login can be used for authentication, many websites allow legacy users to link pre-existing site account with their social login account without forcing re-registration.

Aggregating social login

Social login applications compatible with many social networking services are available to web developers using blogging platforms such as WordPress. Companies such as Janrain, Oneall.com, Lanoba.com and Gigya also provide single solution social login services for web developers. These companies can provide social login access to 20 or more social network sites.

Security

In March, 2012, a research paper reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, Sears.com, etc. Every flaw allows an attacker to sign in as the victim user. The paper concludes that the overall security quality of social login deployments seems worrisome, and much more effort need to be devoted to improve it.

List of common social networking services using social login

References

Social Login: A Data Capture Game Changer (accessed 21 December 2011)
"Integrate Social Networks with your Corporate Website with Social Sign On" - Altimeter Group, September 27, 2010
Social Media Marketing: Social login or traditional website registration? MarketingSherpa, January 12, 2012
"The Social Web's Big New Theme for 2011: Multiple Identities for Everyone" - AllThingsD, January 1, 2011
List of Social Login Providers, Janrain
Rui Wang, Shuo Chen, and XiaoFeng Wang. "Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services".{{cite web}}: CS1 maint: multiple names: authors list (link)

Misplaced Pages