Why you should (or shouldn’t) still be using Facebook’s login
If you worry about your data on Facebook — a reasonable anxiety after a round of revelations of past privacy breaches — how nervous should you be about logging in to other sites using your Facebook account?
The option to sign into other sites (USA TODAY among them) with your Facebook account is widespread, and adopting it isn’t crazy.
But you should evaluate how much of your Facebook profile each site sees — and consider other ways to ease logging in around the Web.
Reasons to use Facebook Login
The biggest reason to rely on this Facebook Login option is the least flattering: You’re terrible at passwords. Not letting Facebook handle this authentication — what’s called a “social login” — often leads people to choose a simple password or reuse a password from another site.
Either choice weakens your account at the site you could have logged into via Facebook. Password reuse also risks every other account with the same password — it only takes one data breach to leave them all open.
Assuming you set a reasonably strong password for your Facebook account and protect it with two-step verification (in which you confirm an unusual login with a one-time code sent to your phone), Facebook Login effectively ends those security worries. The other site never sees your Facebook password; instead, the social network sends it a temporary token confirming that it’s you.
Reasons not to
Many users have taken Facebook up on this shortcut. The customer-management firm Gigya reported that in the fourth quarter of 2015, Facebook Login constituted 62% of the social-login market. A similar firm, LoginRadius, found an even higher share for Facebook in that quarter, 68%.
But Facebook Login lets the other site see at least your name, profile image and email address. It probably gets more: Facebook didn’t limit the default data handover to those basics until March 21, when Zuckerberg announced policy changes after news broke of Cambridge Analytica’s alleged data heist through a Facebook app.
Facebook has since announced a tighter approval process for sites seeking access to your information beyond your public profile.
To see how sites see you through Facebook Login, inspect your apps settings. To get to them in a browser, click or tap the downward-facing triangle at the top right and select Settings; in Android, tap the three-line button at the top right and then Account settings; in iOS, tap the three-line button at the bottom right, then Settings, then Account Settings.
In either app, tap Apps; in a browser, choose Apps and Websites. “Logged in with Facebook” will list apps and sites on your account. Click or tap each to check its access and curtail it if the site ignored Facebook’s advice, “Only ask for the permissions you need.”
Your alternatives
For new logins, you should consider two alternatives.
The easy one is to use a social login from a different platform, such as Google (the leading option to Facebook in the Gigya and LoginRadius stats), Twitter or LinkedIn.
The more complicated but sounder choice is to use a password manager such as LastPass or Dashlane (both free). These browser and mobile apps save your passwords in an encrypted stash so they can fill them in automatically. They can also scan your existing passwords for weak ones.
Rob Pegoraro is a tech writer based out of Washington, D.C. To submit a tech question, email Rob at rob@robpegoraro.com. Follow him on Twitter at twitter.com/robpegoraro.