When you visit a website and choose to sign in / sign up, you will often be greeted with the option to sign in using a Facebook or Google account that you already have. This is known as single sign-on (SSO).

This may seem like a very convenient thing to do, as you already have this account and don’t need to set up a new username and password. But is it the correct thing to do?

We would highly recommend against using any of these options. Instead, use the regular sign-up option to create a dedicated account with a unique password for each of these sites. The following are a few reasons why this is the best method:

    • Using one account, i.e., Facebook or Google, to sign up for multiple different websites, services, etc. creates a daisy chain of accounts that can potentially be hacked if your account is compromised. This is because all these accounts will show as linked and will be using the same sign-in details.

    • Privacy is a big concern when linking all these accounts together. Facebook accounts can include names, emails, birthdays, family information, etc. If any of this information is listed as public on your profile, any third-party sites that you connect it to may be granted access to this information.

    • Signing in using your social media accounts on sites with little reputation can put the account itself at risk, as you never know what the owners of those sites will do with the details you have used, such as selling the information gathered to potential scammers.

If you would like more information regarding the pros and cons of using single sign-on with Facebook, Google, etc., this is a great article to have a look at:

https://www.welivesecurity.com/en/cybersecurity/one-login-rule-them-all-should-sign-in-google-facebook-other-websites/