Protect Your Data With Single Sign-on Whenever Possible

No company, be it a startup or a conglomerate, has a perfect security system. The Chipotle payment system was hacked, OneLogin was leaked, and even Google faced a bad phishing exploit that resulted in thousands of accounts being compromised from a shared document. In other words, I am wary of providing any information to companies that have no experience in securing it.

That just means that all security is difficult and you should get into the habit of keeping your login details safe. Often that means not having login details at all. This is where SSO comes in handy. Not only is it more secure than the usual username and password combination, but you also need less login information in the long run.

In short, single sign-on (SSO) services act as your username and password on supported websites, and your primary account (from Google, Facebook, Microsoft, etc.) acts as your account.

Universal security check

Using a secure single sign-on service provided by Facebook, Google, Twitter, or Microsoft, among others, provides a second layer of security that is greater than what you would get on a regular site that collects user sign-in data and stores it in less-than-ideal locations or with poor encryption standards.

Two-factor authentication is an additional layer of security that should be used whenever possible. It prevents attackers who gain access to your username and password from entering your account without an additional form of identification, usually a text message on your phone or a randomly generated code from an authenticator app.

If your site doesn’t support two-factor authentication or single sign-on, be careful. Use a password manager (of course) to create a confusing password, and if you’re being extra careful, use a fake email address (or one of the many email addresses provided by Gmail).

You know what data they need

When using single sign-on services, sites must tell you what data they collect and why. Just as you might be prompted to grant microphone or contacts access when installing an app, a site using SSO will prompt you with its requests for information such as your email address or contact list, or for the ability to post to social media on your behalf, and will usually allow you to accept or reject them.

Services that request access to personal data (for example, newsletter subscription services) do indeed have the ability to accept that data and deliver it to third parties, possibly without your knowledge. Yes, privacy policies are usually long, but you should check the site’s policy to find out what data it collects and what exactly it does with that data. If this happens, it is easier to cut them off when you use SSO.

Cut them off with one click

The killer feature of using a single sign-on provider is the ease with which you can revoke access to data, usually with just a few clicks. Have you ever tried to cancel your account on some trivial site? For me, this usually means deciding to cancel my account, only to end up on a support forum page that says that to cancel your account you need to send an email to customer support, create a ticket, make sure the account has been deleted, check that it is gone (because you can reactivate it), and hope that your data is destroyed in a timely manner (usually it is not).

Sure, using SSO gives businesses access to information that they would not normally have access to, but the convenience of managing logins from fewer locations, coupled with the increased security that you get with secure single sign-on services such as Google or Facebook, means it will be easier for you to find and remove the culprit.

No more passwords

Your password manager is a great repository for storing passwords, personal information, and other junk that you’d rather get out of your head (like your library card number).

The security of your password depends on its weakest link. If you don’t update your passwords, or make the mistake of reusing them across multiple sites, you’re creating security holes that can be easily filled with something like a password manager.

But what’s the best thing about throwing up your arms in defeat and using an SSO provider like Google or Facebook? No more passwords! Well, you need to know your Google and Facebook passwords, but other than that, any site using your SSO won’t require you to create another string of text and numbers to remember (or remember to generate and save).

Of course, SSO is not immune to attackers. In addition to following the steps outlined by your login provider, you can further protect yourself from malicious attacks by using two-factor authentication, updating your secondary contact information (such as an alternate email address), and keeping a paper backup of your codes.
