Social Sign on: A penny wise pound foolish option?

by RAJ KAMAL Technology, Travel,Health & Medical

Since the spurt of social networks and the consequent mass acceptance and adoption, social sign-on as an authentication method has become quite prevalent to the point of being indispensable.

Sure, it's convenient and saves the hassle of remembering login details for a large number of sites, but is it really fool-proof? Time to find out!

How Social Sign-on works

Social sign-on has been in use for almost a decade now, with no major changes in its workings. Any site that wishes to simplify their user registration process can utilize the social sign-on API provided by some of the most common social media networks and integrate it with their registration systems.

A single website can provide multiple social sign-on options simultaneously as well, as long as only one account is being used at a time for authentication.

From your users’ standpoint, it is a very convenient option when compared to filling lengthy sign-up forms to perform a simple action on your site, be it reading an article or buying an item from your e-store.

A survey from Annex cloud reveals that 64% of consumers choose social login over traditional registration when given a choice. It also found that 92% of users have left a site instead of resetting or recovering the website login information that they have forgotten. Furthermore, the analysis done shows that sites with social login enabled showed an increased conversion rate by 15-20%.

While all these statistics favour adoption of social sign-on, surely there are some downsides? Social Sign-on has its fair share of issues which can prove costly to businesses adopting this method of authentication. A primary concern is that of how authentic the data obtained from the social network is.

User authenticity as opposed to authentication

Although these two terms sound very similar, it is important to remember that user authentication is very different from user authenticity. By implementing social sign-on on your website, you are undertaking the process of authenticating whether an account is a valid one or not. However, this does not check if the person running the account has entered genuine personal details or not.

So, while the authentication of a profile is taking place, it does not take into consideration whether that profile in itself is fake or inaccurate, but simply serves as a means of logging in due to the fact that the account simply exists on that social network.

This could prove costly for businesses that rely on genuine sign-ups or user data-based profiling and personalization and for those who want their users to have a singular account on the site.

Not really in your control, is it?

When you opt for authentication via a third party, you instantly cede control to them with regard to user data. For starters, you will need to ensure that your customer has an account on a social media website that is supported on your login platform.

Even if you manage to get past this initial hurdle, you can be faced with a number of other challenges such as downtime of the social media platform or its APIs (Application Programming Interface) and access control or firewall restrictions in institutions or organizations which block social media platforms on their network.

Also, these social networks occasionally make changes to their APIs, either from security or

functionality standpoint. If the social login parameters on your website are not properly configured to handle these changes, it could result in a broken authentication mechanism, causing inconvenience to a lot of your customers, and subsequently causing monetary losses to your business. Conversely, in order to keep your social login API up-to-date, you’ll need to hire or delegate a dedicated developer, adding on to your manpower costs.

Legal and financial implications

If your social sign-on is not properly implemented, the vulnerabilities can be exploited by hackers to gain fraudulent access to your user’s account on either your platform or on the social media website itself. This could have serious legal and financial implications if the user decides to sue you.

There are times when hackers could use certain hacked inactive accounts to login to your website and make unauthorized purchases. This again could lead to trouble, as you have no means to verify if the order is placed by a genuine user or not.

The re-acquisition challenge

By opting for user convenience through social sign-on at the sign-up stage, you’re more likely to get more registrations as compared to having your users fill up lengthy sign-up forms. However, the trade-off lies in not being able to acquire valuable customer data, which may be needed at a later stage.

Case in point, not all social platforms share user information such as emails or other personal information with the site using their social-sign on option. So, if a user ends up deleting their profile or getting suspended on the social media site itself, they consequently lose access to their account on your website too, leaving both you and the user with no means to contact or re-verify account details to restore access to your site.

This further translates to loss of revenue for you, due to the user not being able to use your site, and a consequent rise in your customer re-acquisition cost.

Make your user data yours alone!

A study conducted by the researchers at Microsoft identified several flaws and vulnerabilities with regard to Social Sign-on. The findings of the survey strongly highlight the need for users and website administrators to exercise caution while using social-sign on and look for alternative methods of secure yet hassle-free authentication.

The bottom line of all this is that while social-sign on offers convenience to your users and drives conversions, there are alternative options that can provide a similar, if not better, experience to your customers without the disadvantages discussed in this article. One of them is passwordless authentication, that totally negates any third-party intervention or filling lengthy sign-up forms during the registration phase.

Intrigued and want to find out more? Contact SAWO Labs today for modern authentication solutions that help you take back control of your user’s data.