What price convenience: Log-in services like Facebook Connect are supposed to make the ordeal of various passwords a lot easier for you. But users pay a price for the service. — dpa
Online retailers, streaming services, booking platforms: a user account is needed for many websites.
This means that you'll have to repeatedly enter personal data such as your name and e-mail address and come up with a username and a password – in addition to remembering them for future use.
Log-in services like Facebook Connect are supposed to make this ordeal a lot easier for you. They offer a simple alternative to the bothersome creation of new accounts. The idea is fairly straightforward: Users will have already set up their data, thereby making it unnecessary to create a new identity for a website.
The technical term for this is single sign-on. And that's how it works: With the access data of a user account such as Facebook, you'll be able to use various other services. If an online service has integrated the Facebook log-in interface, simply click on the log-in button to sign in from there. Twitter and Google also offer their own single sign-on solutions.
This offers some advantages to the user: "You can use log-in data you're familiar with and avoid tedious individual sign-ins," says Christian Gollner, data protection expert at the Consumer Centre of the German state of Rhineland-Palatinate. However, users pay the price with their data.
"Facebook and Google are doing business with data analysis." That's how companies will know at the very least which other services you are using, which makes it easier to customise advertising.
However, the information you'll find there may sometimes be quite vague. Here's an example from Spotify: The music streaming service simply says that they'll share "some information."
Germany's Federal Office for Information Security (BSI) is critical of log-in services, not only because of the data shared. Users become dependent, explains a BSI spokesman.
If you no longer want to use a service like Facebook and intend to delete your user account, for instance, you'll also lose access to online services tied to your account via Facebook Connect. This may cause users to think twice about whether to shut down their account with the log-in service.
Experts also strongly advise against using the same login details for various or even all services.
If hackers crack access to the login service, this could cause enormous damage. They then gain access to all services on which you have signed in using the log-in – in order to do this, they simply have to try out the hacked log-in details on various popular sites.
Once the login details fall into the wrong hands, security is endangered for all the services used along with them, says Thorsten Strufe. He is a professor of privacy and IT security at Dresden Technical University. He says that, for this reason, single sign-on services are not a good solution.
Anyone who still wants to use them should at least be sure to use a secure password for access to the log-in service. According to experts, good passwords have at least 12 characters and comprise numbers, upper and lowercase letters and special characters. They should also not appear in dictionaries – not even partially.
Users can also determine which personal details they offer for the convenient log-in. But as a general rule, they should only ever disclose as much as is absolutely necessary. — dpa