Social Login


Social login, also known as social sign-in, is a form of single sign-on that uses existing login information from a Social Websites service such as Facebook, Twitter or Google to sign into a third-party website in lieu of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as to provide more, and more reliable, demographic information to web developers.[1]

Social Login provides what we refer to as a Social Identity Provider as the Identity Provider (IDP) for an Authentication Method.

Many Social Login providers utilize OpenID Connect for Federated Identity as the Identity Provider (IDP).

Facebook uses a Proprietary Extension to OAuth 2.0, but it is not OpenID Connect. Facebook has been a member of the OpenID Foundation since 2009.[2]

Although the definition from Wikipedia implies "in lieu of creating a new login account specifically for that website", the reality is there would typically be a Digital Identity created for "that website" but no credentials would be stored within this Digital Identity as "that website" would rely on the Social Login to provide Authentication.

Traditional Registration#

Registration that relies on traditional username/password authentication on the web suffers from a number of issues that reduce its efficacy, increase costs, and significantly increase risk for an organization. Fortunately, by leveraging Social Login, in which existing identities from social networks, like Facebook, Google, and Twitter, are used to register and sign in to sites, companies can mitigate these risks, reduce costs, and improve new customer conversion rates.

Benefits of Social Login#

Social Login increases user logins by as much as 50%. As users are typically averse to creating yet another credential which they would need to keep track of, Social Login lowers the barriers to creating the login. Benefits of Social Login:

Social Login Security#

The top Social Login Identity Providers (IDPs) use sophisticated technology that analyzes every sign-in attempt in real time, taking into account:
  • the user’s previous behavior
  • the reputation of the IP address
  • the geographical location of the sign-in attempt
The top Social Login providers even let users review their recent sign-in activity, listing the time and location where each sign-in occurred, to help users detect unauthorized activity on their account.

Google (and maybe the others) alerts users when unusual Authentication is detected on their account. For instance, if a user has a pattern of signing in from a particular city or state, and then authenticates from a distant country on the other side of the world, Google will notify the user by email. If this security tactic sounds familiar, it should: Payment Card companies employ the same mechanisms to prevent and detect unauthorized activity.

Most of the top Social Login providers also provide Multi-Factor Authentication abilities.
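
The three signals listed above, and the notify-or-step-up response, can be sketched as a small rule-based check. This is an added example, not code from any identity provider: the `SignIn` fields, the 1000 km threshold, the reason names and the allow/notify/MFA policy are assumptions, and the sample data is constructed.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    user: str
    ip: str
    lat: float
    lon: float
    device: str  # hypothetical device/browser label

def km_between(a, b):
    """Great-circle (haversine) distance in km between two sign-ins."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess(history, attempt, bad_ips, far_km=1000.0):
    """Return the reasons an attempt looks unusual; an empty list means normal."""
    reasons = []
    if attempt.ip in bad_ips:                               # reputation of the IP address
        reasons.append("ip_reputation")
    past = [s for s in history if s.user == attempt.user]
    if not past:                                            # nothing to compare against
        return reasons + ["no_history"]
    if attempt.device not in {s.device for s in past}:      # previous behavior
        reasons.append("new_device")
    if min(km_between(s, attempt) for s in past) > far_km:  # geographical location
        reasons.append("distant_location")
    return reasons

def decide(reasons):
    """Assumed policy: 0 signals allow, 1 notify the user, 2+ require MFA."""
    if not reasons:
        return "allow"
    return "notify_user" if len(reasons) == 1 else "require_mfa"

# Constructed sample data (documentation IP ranges, approximate coordinates).
BAD_IPS = {"203.0.113.7"}
HISTORY = [
    SignIn("alice", "198.51.100.10", 39.96, -83.00, "laptop"),  # Columbus, Ohio
    SignIn("alice", "198.51.100.11", 39.10, -84.51, "laptop"),  # Cincinnati, Ohio
]
NEARBY = SignIn("alice", "198.51.100.12", 39.76, -84.19, "laptop")   # Dayton, Ohio
FARAWAY = SignIn("alice", "203.0.113.7", -33.87, 151.21, "unknown")  # Sydney

if __name__ == "__main__":
    for attempt in (NEARBY, FARAWAY):
        reasons = assess(HISTORY, attempt, BAD_IPS)
        print(attempt.ip, reasons, decide(reasons))
```
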

FICAM compliance#

For those Organizational Entities requiring advanced security measures, such as those outlined in the Federal Identity Credential and Access Management (FICAM) framework, compliance can be achieved cost-effectively through the use of IDPs that support the Provider Authentication Policy Extension (PAPE), such as Google, PayPal, and Symantec (formerly Verisign).

When FICAM support is requested by a website at user sign-in, all API calls to the IDP include the request that FICAM policies be applied to the authentication and user data shared with the site by the consumer.

Legitimacy of Social Login#

The Legitimacy of Social Login is increasing.

More Information#

Facebook joined the OpenID Foundation’s board as a sustaining corporate member. - based on information obtained 2016-03-18