The Center for Consumer Protection in the German state of North Rhine-Westphalia has warned that the Single Sign-on function is dangerous.
Although this convenient function allows the user to simply log in with an account that already exists in one of the popular web services, the German Center advised against using it, arguing that after performing the single sign-on process, companies can collect comprehensive data about the user and know what he is doing on the site in question. .
In addition, companies often receive information from the user's public account, and this data is more than what is required in the normal login process, and by relying on this information, a personal user account can be created for advertising purposes.
If the password of the account that is used in the single sign-on function falls into the hands of strangers, then a big problem arises, as the third party will be able to access the relevant account with the Internet company, as well as to all other pages where this account is used via the login function Single sign-on.
Hackers launched targeted searches to access accounts that are used as public keys, and the German Center for Consumer Protection stated that Facebook announced in early October that hackers had managed to steal login data for Facebook users through hundreds of applications.
These fake applications offered the user the option to "Login with Facebook", so the victims filled out phishing forms, which passed the login data directly to the hackers in order to gain control of the compromised Facebook accounts.
Websites or services that are logged in with the single sign-on function can request broad access rights within the account, the user may not be aware of this, but may like spam posts without the user's desire, such rights are usually listed when setting Single sign-on.
If the user wishes to continue using the single sign-on functionality however, he must read each provision and revoke some of the access rights, and if he is unable to do so, the only option is not to use the single sign-on functionality of the respective site and cancel the settings.
And the German Consumer Protection Center advised not to use the single sign-on function when wanting to pass as little personal data as possible, and in the event that you do not want to give up the convenience functions, the single sign-on account must be well secured by using a strong password and activating the two-factor authentication function.