Social Login

Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google, to sign into a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more and more reliable demographic information to web developers.


How social login works

Social login links accounts from one or more social networking services to a website, typically using either a plug-in or a widget. By selecting the desired social networking service, the user simply uses his or her login for that service to sign on to the website. This, in turn, negates the need for the end user to remember login information for multiple electronic commerce and other websites while providing site owners with uniform demographic information as provided by the social networking service. Many sites which offer social login also offer more traditional online registration for those who either desire it or who do not have an account with a compatible social networking service (and therefore would be precluded from creating an account with the website).


Application

Social login can be implemented strictly as an authentication system using standards such as OpenID or SAML. For consumer websites that offer social functionality to users, social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user's behalf. Sites using the social login in this manner typically offer social features such as commenting, sharing, reactions and gamification. While social login can be extended to corporate websites, the majority of social networks and consumer-based identity providers allow self-asserted identities. For this reason, social login is generally not used for strict, highly secure applications such as those in banking or health.


Advantages of social login

Studies have shown that website registration forms are inefficient as many people provide false data, forget their login information for the site or simply decline to register in the first place. A study conducted in 2011 by Janrain and Blue Research found that 77 percent of consumers favored social login as a means of authentication over more traditional online registration methods. Additional benefits:

* Targeted Content - Web sites can obtain a profile and social graph data in order to target personalized content to the user. This includes information such as name, email, hometown, interests, activities, and friends. However, this can create issues for privacy, and result in a narrowing of the variety of views and options available on the internet.
* Multiple Identities - Users can log into websites with multiple social identities, allowing them to better control their online identity.
* Registration Data - Many websites use the profile data returned from social login instead of having users manually enter their PII (Personally Identifiable Information) into web forms. This can potentially speed up the registration or sign-up process.
* Pre-validated Email - Identity providers who support email, such as Google and Yahoo!, can return the user's email address to the 3rd party website, preventing the user from supplying a fabricated email address during the registration process.
* Account linking - Because social login can be used for authentication, many websites allow legacy users to link a pre-existing site account with their social login account without forcing re-registration.
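The "Pre-validated Email" and "Account linking" points above depend on the website trusting an email address only when the identity provider has actually verified it. The following added example (not from the original article) sketches that decision for a relying party. It assumes OpenID Connect style claims (`iss`, `sub`, `email`, `email_verified`) whose signature has already been checked; `AccountStore`, `resolve_login` and the trusted-issuer list are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumption: issuers this site trusts to have verified e-mail ownership.
TRUSTED_EMAIL_ISSUERS = {"https://accounts.google.com"}

@dataclass
class Account:
    account_id: int
    email: Optional[str]                           # set only when verified
    identities: set = field(default_factory=set)   # {(issuer, subject)}

class AccountStore:
    """In-memory stand-in for the site's user table (hypothetical)."""
    def __init__(self):
        self.accounts = []

    def add(self, email=None):
        acct = Account(len(self.accounts) + 1, email.lower() if email else None)
        self.accounts.append(acct)
        return acct

    def by_identity(self, iss, sub):
        return next((a for a in self.accounts if (iss, sub) in a.identities), None)

    def by_email(self, email):
        return next((a for a in self.accounts if a.email == email.lower()), None)

def resolve_login(store, claims):
    """Map already signature-checked provider claims to (account, action)."""
    iss, sub = claims["iss"], claims["sub"]
    acct = store.by_identity(iss, sub)
    if acct:                       # returning user: key is (iss, sub), not e-mail
        return acct, "login"
    email = claims.get("email")
    # `is True` fails closed on a missing claim or the string "true".
    verified = claims.get("email_verified") is True and iss in TRUSTED_EMAIL_ISSUERS
    existing = store.by_email(email) if email else None
    if existing and not verified:
        # Self-asserted e-mail matches a legacy account: do not link until the
        # user also signs in to that legacy account the traditional way.
        return None, "confirm_legacy_login"
    if existing:
        existing.identities.add((iss, sub))
        return existing, "linked"
    # New user: store the e-mail only if verified, so an unverified sign-up
    # cannot squat on an address that its real owner links later.
    acct = store.add(email if verified else None)
    acct.identities.add((iss, sub))
    return acct, "created"
```

Keying returning users on the issuer and subject pair rather than on the email address means a later change of address at the provider cannot silently move a login to a different site account.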


Disadvantages of social login

Utilizing social login through platforms such as Facebook may unintentionally render third-party websites useless within certain libraries, schools, or workplaces which block social networking services for productivity reasons. It can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project," where the third party website may not be actively censored, but is effectively blocked if a user's social login is blocked.

There are several other risks that come with using social login tools. These logins are also a new frontier for fraud and account abuse as attackers use sophisticated means to hack these authentication mechanisms. This can result in an unwanted increase in fraudulent account creations, or worse, attackers successfully stealing social media account credentials from legitimate users. One such way that social media accounts are exploited is when users are enticed to download malicious browser extensions that request read and write permissions on all websites. These users are not aware that later on, typically a week or so after being installed, the extensions will then download some background JavaScript malware from their command and control site to run on the user's browser. From then on, these malware-infected browsers can effectively be controlled remotely. These extensions will then wait until the user logs into a social media or another online account, and using those tokens or credentials will sign up for other online accounts without the rightful user's express permission.


Aggregating social login

Social login applications compatible with many social networking services are available to web developers using blogging platforms such as WordPress. Companies such as Gigya, Janrain, Oneall.com, Lanoba.com, and LoginRadius also provide single solution social login services for web developers. These companies can provide social login access to 20 or more social network sites.


Security

In March 2012, a research paper reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, Sears.com, etc. Because the researchers informed ID providers and the third party websites that relied on the service prior to public announcement of the discovery of the flaws, the vulnerabilities were corrected, and there have been no security breaches reported. This research concludes that the overall security quality of SSO deployments seems worrisome.

Moreover, social logins are often implemented in an insecure way. Users, in this case, have to trust every application which implemented this feature to handle their identifier confidentially ("Social Login Setups – The Good, the Bad and the Ugly", CloudRail, August 2, 2016). Furthermore, by placing reliance on an account which is operable on many websites, social login creates a single point of failure, thus considerably augmenting the damage that would be caused were the account to be hacked.


List of notable providers

Here is a list of services (commonly social networks) that provide social login features which they encourage other websites to use.

* Alipay
* AOL
* Apple
* Facebook
* Google
* KakaoTalk
* Line
* LinkedIn
* PayPal
* QQ
* Sina Weibo
* Taobao
* Vkontakte (ВКонтакте)
* Twitter
* WeChat
* Yahoo!


See also

* Single sign-on
* Authentication vs. Authorization


Further reading


* "Social Sign-On: What is it and How Does It Benefit Your Web Site?" - Social Technology Review; January 10, 2011
* "The Importance of Consumer Identity" - Windows IT Pro, 2/28/2011.
* "Pepsi and The X Factor embrace gamification with The Pepsi Sound Off" - VentureBeat; October 18, 2011