This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
Social login, also known as social sign-in, is a form of single sign-on using existing login information from [Social Websites] services such as [Facebook], [Twitter] or [Google] to sign into a third-party website in lieu of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more, and more reliable, demographic information to web developers.[1]
[{$pagename}] provides what we refer to as a [Social Identity Provider], which acts as the [Identity Provider (IDP)] for an [Authentication Method].
Many [{$pagename}] providers utilize [OpenID Connect] for [Federated Identity], acting as the [Identity Provider (IDP)].
[Facebook] uses a proprietary extension to [OAuth 2.0], but it is not [OpenID Connect]. [Facebook] has been a member of the [OpenID Foundation] since 2009.[2]
Although the definition from Wikipedia implies "in lieu of creating a new login account specifically for that website", the reality is there would typically be a [Digital Identity] created for "that website" but no [credentials] would be stored within this [Digital Identity] as "that website" would rely on the [{$pagename}] to provide [Authentication].
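The relying-party side of this arrangement, as an added example that is not part of the original page: the website validates the ID token it receives from the provider and keys its local identity on the issuer and subject, storing no credential. The issuer, client id, secret and nonce are constructed values, and HS256 with a shared secret is an assumption made so the code runs on the standard library alone; a provider that signs with its own published keys needs a JOSE library for the signature step.

```python
import base64, hashlib, hmac, json, time

def b64d(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mac(head: str, body: str, secret: bytes) -> bytes:
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 ID token so the example runs offline."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head, body, secret))}"

def validate_id_token(token, secret, issuer, client_id, nonce, now=None):
    """Return the claims only if signature, iss, aud, exp and nonce all check out."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(mac(head, body, secret), b64d(sig)):
        raise ValueError("bad signature")
    c = json.loads(b64d(body))
    aud = c.get("aud")
    checks = {
        "wrong issuer": c.get("iss") == issuer,
        "wrong audience": client_id in (aud if isinstance(aud, list) else [aud]),
        "expired": c.get("exp", 0) > (time.time() if now is None else now),
        "nonce mismatch": hmac.compare_digest(str(c.get("nonce", "")).encode(), nonce.encode()),
    }
    for error, ok in checks.items():
        if not ok:
            raise ValueError(error)
    return c

def sign_in(accounts: dict, claims: dict) -> dict:
    """Find or create the local identity keyed by (iss, sub); it has no password field."""
    key = (claims["iss"], claims["sub"])
    account = accounts.setdefault(key, {"name": claims.get("name"), "logins": 0})
    account["logins"] += 1
    return account

# Constructed sample values: hypothetical issuer, client id, secret and nonce.
ISS, CID, SECRET, NONCE = "https://idp.example", "rp-client-123", b"constructed-secret", "n-7f3a9c"
CLAIMS = {"iss": ISS, "aud": CID, "sub": "user-0001", "name": "Jane",
          "exp": 2_000_000_000, "nonce": NONCE}
```

Keying the account on the issuer and subject pair, rather than on an e-mail address, keeps two providers that assert the same address from resolving to the same local identity.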
!! [Traditional Registration]
Registration that relies on traditional username/[password] [authentication] on the web suffers from a number of issues that reduce its efficacy, increase costs, and significantly increase [risk] for an organization.
Fortunately, by leveraging [{$pagename}], in which existing identities from social networks, like Facebook, Google, and Twitter, are used to register and sign in to sites, companies can mitigate these risks, reduce costs, and improve new customer conversion rates.
!! Benefits of [{$pagename}]
[{$pagename}] increases user logins by as much as 50%. As users are typically averse to creating yet another [credential] which they would need to keep track of, [{$pagename}] lowers the barriers to creating the login.
Benefits of [{$pagename}]:
* Security is improved by shifting the burden of data protection to large-scale operators ([Social Networks|Social Websites]).
* The cost of customer support required for [Password Management] is similarly transferred.
* Better [User Experience], as it is less likely that your users will forget the more commonly used [Password Authentication] registered at their favorite [Social Websites].
* No [UserId]/[passwords] are transmitted during the third-party authentication process, only [authorization] [tokens].
* [Website] owners can leverage security technologies implemented by the top [IDPs] that they might never be able to replicate themselves.
* Increases revenues by decreasing the [friction] of the customer registration process
!! [{$pagename}] Security
The top [{$pagename}] [Identity Provider (IDP)]s use sophisticated technology that analyzes every sign-in attempt in real time, taking into account:
* the user’s previous behavior
* the reputation of the IP address
* the geographical location of the sign-in attempt
The top [{$pagename}] providers even let users review their recent sign-in activity, listing the time and location where each sign-in occurred to help users detect unauthorized activity on their account.
[Google] (and maybe the others) alerts users when unusual [Authentication] is detected on their account. For instance, if a user has a pattern of signing in from a particular city or state, and then an [Authentication] comes in from a distant country on the other side of the world, [Google] will notify the user by email. If this security tactic sounds familiar, it should: [Payment Card] companies employ the same mechanisms to prevent and detect unauthorized activity.
Most of the top [{$pagename}] providers also provide [Multi-Factor Authentication] abilities.
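A sketch of the sign-in analysis described in this section, as an added example that is not part of the original page and not any provider's actual implementation: it scores one attempt against the user's earlier sign-ins using the three signals listed above. The speed and distance thresholds, the reason names and all sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class SignIn:
    user: str
    ts: float   # Unix time in seconds
    lat: float
    lon: float
    ip: str

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed
NEAR_KM = 100.0  # assumed radius counted as a location the user already uses

def km_between(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2
    return 2 * 6371.0 * asin(min(1.0, sqrt(h)))

def assess(history, attempt, bad_ips):
    """Return the reasons an attempt looks unusual; an empty list means none."""
    reasons = []
    past = [s for s in history if s.user == attempt.user and s.ts < attempt.ts]
    if attempt.ip in bad_ips:                        # reputation of the IP address
        reasons.append("ip_reputation")
    if not past:
        return reasons                               # first sign-in: nothing to compare
    if all(km_between(s, attempt) > NEAR_KM for s in past):  # previous behaviour
        reasons.append("new_location")
    last = max(past, key=lambda s: s.ts)             # geography against elapsed time
    hours = max((attempt.ts - last.ts) / 3600, 1e-9)
    if km_between(last, attempt) / hours > MAX_KMH:
        reasons.append("impossible_travel")
    return reasons

# Constructed sample data: IPs come from documentation ranges, coordinates are city centres.
T0 = 1_700_000_000
HISTORY = [SignIn("alice", T0 + d * 86400, 41.88, -87.63, "192.0.2.10") for d in range(3)]
BAD_IPS = {"203.0.113.77"}

if __name__ == "__main__":
    last = HISTORY[-1].ts
    for a in (SignIn("alice", last + 86400, 41.90, -87.65, "192.0.2.10"),
              SignIn("alice", last + 7200, 1.35, 103.82, "203.0.113.77")):
        print(a.ip, assess(HISTORY, a, BAD_IPS))
```

A non-empty result is the point at which a provider would notify the user or require a second factor; coordinates derived from IP geolocation are approximate, so the thresholds need tuning against real traffic.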
!! [FICAM] [compliance]
For those [organizational Entity]s requiring advanced security measures, such as those outlined in the [Federal Identity Credential and Access Management] ([FICAM]) framework, compliance can be achieved, cost-effectively, through the use of [IDPs] that support the [Provider Authentication Policy Extension|OpenID Provider Authentication Policy Extension] ([PAPE]), such as [Google], [PayPal], and [Symantec] (formerly Verisign).
When [FICAM] support is requested by a [website] at user sign-in, all API calls to the [IDP] include the request that [FICAM] policies be applied to the [authentication] and user data shared with the site by the consumer.
!! [Legitimacy of Social Login]
The [Legitimacy of Social Login] is increasing.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Social Login|Wikipedia:Social_login|target='_blank'] - based on data observed:2015-05-19
* [#2] - [Facebook joined the OpenID Foundation’s board as a sustaining corporate member.|https://openid.net/tag/facebook/|target='_blank'] - based on information obtained 2016-03-18