Why You Shouldn’t Use Facebook to Log In to Other Sites.

I’m getting to quit using Facebook to log in to apps and sites online. you ought to, too.

That’s the foremost reasonable thanks to answering Facebook’s announcement last week that a security breach allowed hackers to infiltrate the accounts of a minimum of 50 million users, and possibly tens of millions more. The hack gave attackers access to not just your Facebook account but also possibly the various accounts you used Facebook to log in with — services like Instagram, Spotify, Airbnb, Tinder, Pinterest, Expedia, The NY Times, and quite 100,000 other places online. Visit – Facebook login says “possibly” because neither Facebook nor third-party sites seem to understand the precise extent of the damage. during a statement on Tuesday, Guy Rosen, Facebook’s vice chairman of product management, said the corporate had “no evidence” that attackers breached other sites through the hack, but that the corporate was building more sophisticated ways for sites to try to their own deeper investigation. But the mere possibility is very troubling — and if the hack allowed access to the other sites, Facebook should be disqualified from acting as your sign-on service. This is a classic you-had-one-job situation. sort of a trusty superintendent during a Brooklyn walk-up, Facebook offered to hold keys for each lock online. The arrangement was convenient — the super was always right there, at the push of a button. it had been also safer than creating and remembering dozens of passwords for various sites. Facebook had a financial and reputational incentive to rent the simplest security people to guard your keys; plenty of small sites online don’t — and if they got hacked and if you reused your passwords elsewhere, you were hosed. But the extensive hack vaporizes those arguments. If the entity with which you trusted your keys loses your keys, you’re taking your keys elsewhere. And there are many more-secure and just-as-convenient ways to check in to things online. The best way is to use a fanatical password manager — a service, like LastPass or 1Password, that makes and remembers strong passwords for various sites. Operating systems and browsers also are recuperating at managing passwords; newer iPhones, as an example, allow you to unlock sites with face recognition, which is simply as convenient as pressing Facebook’s button. If for a few reasons you don’t want to use a password manager, you’ll use another tech giant’s sign-on service. When presented with alternative ways to check in to sites, you’ll choose Google or Microsoft rather than Facebook. Yes, it’s possible those companies might be hacked at some point, too. After all, Yahoo was hacked, as was LinkedIn, as was Equifax. But at this moment, a sign-on service by Google or Microsoft has one big advantage over Facebook: Those companies didn’t lose control of fifty million people’s accounts, and Facebook did. I decided to quit using the social network as a login service after chatting with Jason Polakis, a professor of computing at the University of Illinois at Chicago, who has studied the safety of sign-on services like Facebook. Mr. Polakis allowed that there are tremendous convenience benefits and even some security benefits to one sign-on. “Obviously, big companies like Facebook and Google have amazing engineers, and their security practices are generally before the curve compared to other, smaller websites,” he said. But no company, not even one as big and wealthy as Facebook or Google, can guarantee perfect security.