You may have seen an option on certain websites to ‘sign in using your Facebook account’ and wondered what this means and how it might affect your privacy. Well, now might be a good time to find out as you could be seeing more of this in the future.
In August of this year, Facebook posted that its login process had been integrated with 81 of the top 100 grossing iOS apps and 62 of the top 100 grossing Android apps. So what does this mean and how safe is it to log into another site using Facebook?
The benefits of logging in via Facebook
Facebook argues that instead of having to remember strong passwords to all the sites you use, life is much simpler if you use a common and secure credential such as your Facebook login. This sign up mechanism also avoids having to fill out time-consuming forms when registering with a new site. And so, the practice of authentication via third-party is becoming more and more popular.
Of course, it you do choose to login using your Facebook password, you would be well advised to consider how ‘strong’ your Facebook login actually is and whether you are comfortable using it to access multiple sites. After all, you are essentially putting all your logins in one basket.
Facebook calls it ‘Instant Personalization’. In their words, logging into a website via an integrated Facebook login provides a ‘social and personalized experience’. But whilst it may save time if your profile picture and details can be automatically used for each new site, it does also means you can be targeted with relevant advertising and promotions. We’ll let you decide whether that is a benefit or not!
Another potential attraction for the user (but let’s face it, probably even more so for the company whose app you are using) is that, by logging in via your Facebook account, you will be able to see friends of yours who are already logged in with their accounts – and they can see you too. This kind of integration makes it easier for site visitors to share content – which provides brands with free word-of-mouth advertising.
Restrictions on how your information can be used
Thankfully, there are restrictions on how these sites can use your information (visit The Facebook Platform Policies to find out more.
For example, if you have already blocked a user on Facebook, they will not be able to see you on a new site you’ve logged into with your FB credentials. What’s more, when other users log into a website, those users will not be able to see information you’ve added through Facebook that they wouldn’t otherwise be able to see simply by browsing Facebook. Remember, you can decide what types of information your friends’ apps can access from the Apps > Apps others use section on the Privacy Settings page.
How safe is it to log in via Facebook?
So how will you know what will be shared with your friends when you use the Facebook login? Websites and mobile apps that use Facebook Login must now ask separately for permission to access your profile information to log in or sign up or share activities back to Facebook.
This allows you to skip sharing altogether should you wish but there is also an option to choose the audience you share to, whether it be to Friends, Only Me or a custom audience. This gives you more control over how and when you choose to share app activities back to Facebook. Facebook also makes it clear in its help section under ‘Facebook on other sites’ that if you sign up using Facebook and the site you are visiting asks for additional information, that information will not be published back to Facebook, and Facebook doesn’t store any data without your explicit permission.
Making sure it’s not a phishing attempt
If you are prompted to log in to a web site or app with Facebook then they should be using the Facebook Platform and as such ought to be following the Facebook Platform Policies alluded to above. But Facebook also warns against the potential for phishing attacks.
It states: ‘You should make sure that clicking on the Login button opens in a separate browser pop-up window, and that the Web address for the pop-up contains the proper “www.facebook.com” domain. If it does, you’ll know that it’s a legitimate Facebook page and not a phishing attempt, and you can log in safely and securely’