Two-Factor Authentication (2FA) Explained: Social Login

     

social_login_computer

Companies and end-users alike are constantly looking for authentication methods that lower barriers to entry and improve user experience without compromising security.

Social login is one solution to this authentication challenge. Social login enables users to conveniently register and log into websites and portals using their existing, pre-verified social network accounts, such as Facebook, Twitter, Google+, and LinkedIn.

This method is popular with users because it doesn’t require them to create yet another user ID and password to remember (and possibly forget). Users simply log in using their social network logins in place of another set of credentials.

How Social Login Works

To define the authentication policy, network administrators simply select the desired social network and provide the ID and secret field values, which are obtained through the network’s developer pages.

For new users, setup is an easy, two-click registration experience. A new user clicks on a social network button to register and is redirected to the social network site to confirm permissions. Then, the user is returned to the website’s previous page to complete the registration process.

To log in to the website or portal moving forward, users simply enter the login credentials for the social network they selected during the registration process.

For added security, organizations can combine social login with additional layers of authentication for users who require access to more sensitive systems and data.

Benefits

Reduces Login Issues and Password Fatigue

The average user accesses more than 40 accounts. With so many accounts, users often struggle to remember their various login credentials. Social login eases this burden by allowing people to use existing login credentials.

This also reduces the likelihood of a failed login attempt. Having to reset a password increases user frustration and the risk that the user will just leave the site. In fact, a survey conducted by Blue Research found that one-third of respondents said they frequently leave a website instead of resetting or recovering login information. A whopping 92 percent of the respondents said they had done this on at least one occasion.

Ease of Use 

Social login is quick and easy to use. Users don’t have to fill out a lengthy form and can complete registration with a couple of clicks. This is especially helpful for mobile users because forms can be difficult to complete on the smaller interface.

More Registrations and More Customers

This ease of use translates into higher registration rates and fewer abandoned purchases. 54 percent of respondents to another Blue Research survey said they may leave a website and not return rather than complete a registration form. In addition, 22 percent of online shoppers will abandon their shopping carts if they have to create a new account, according to a VWO eCommerce Survey.

Familiarity and User Control

With social login, users retain control of their preferences and privacy settings. The user is in control of what information is shared via the social network. Users can also choose which social network identity to use, thus enabling them to select their preferred social channel.

Additionally, most customers are familiar with social channels, which can be helpful if they don’t know your brand or haven’t previously completed an ecommerce transaction through your website.

Provides Permission-Based Access to User Data

By choosing to authenticate via social login, users give an organization access to their social profile data. That way, you can get a better understanding of your users, which, in turn, enables you to provide them with more relevant, targeted content.

You also get more accurate information. Users don’t always accurately complete registration forms. According to Blue Research, 88 percent of users admit to entering incomplete or incorrect data on registration forms. With social login, not only is social information more likely to stay up to date, but users’ email addresses are also pre-verified.

Shifts Complexity and Risk to a Third Party

Organizations, particularly smaller ones, can use social login to shift sign-in complexities and risks to third parties.

Drawbacks

Certain Networks Block Social Media

Some networks block social media. This can be in the form of company restrictions on social media site access for productivity reasons or in the form of government censorship.

Security Vulnerabilities

Though social login can provide a secure and simple authentication method, there are also associated security risks. For example, there are malicious browser extensions that can infect a browser, take control, and sign into user accounts without their knowledge. If a social network account is compromised, then the accounts that the individual signs into with social login are also at risk.

Loss of Control to a Third Party

There are trade-offs with handing authentication control over to a third party. If a social network site is down, then users might not be able to access accounts on other sites using their social login.

In addition, if a user deletes a social network account, the other accounts he or she was using those credentials to log into will also be deleted.

Lack of User Trust

Some users don’t trust companies to appropriately use their social profile data or worry that the company will post on their social media feeds without authorization. For example, the recent Facebook data sharing scandal affected 87 million users has renewed data privacy concerns and eroded trust in using social accounts for access.

Not Everyone Has Social Accounts

Many people don’t use social media for various reasons. If social login is the only authentication option you offer, you will miss out on these users.

Still Might Not Get the Right Data

Even though the data supplied for social login tends to be fairly up to date, you might still not get the right data. For example, a user may no longer be using the email address used to sign up to a social network.

Users can also set their privacy settings, so that they don’t share any information. Or, users can simply put inaccurate info on social network accounts.

Including Social Login as an Authentication Option

Social login offers an easy-to-use, streamlined experience for users and great data for the organization. Statistics show it can increase conversions and build brand loyalty.

Like all forms of authentication, organizations must weigh the benefits against the potential drawbacks—such as not everyone having social accounts or not wanting to use social login in light of recent data privacy scandals.

Social login offers many benefits, but we recommend providing users a choice in authentication options in case it is not their preferred method.

Download our guidebook to learn which authentication methods are recommended for different user scenarios.

Comments

Subscribe Here!