It’s more secure to use unique passwords for each service and password managers for each app we use
Single logins are a dangerous practice for the security of your social network accounts and other apps. Because of Facebook’s single login feature, called Facebook Social Login, whoever stole the 50 million access tokens of this social network could have used them to log into other apps and services used by the people affected by the Facebook hack, as reported by specialists in digital forensics from the International Institute of Cyber Security.
There are many options available to mitigate the risks generated by this type of event, such as password managers (a.k.a. password safes). Regardless of the password protection that users choose, the important thing is to always create a unique login for each visited site. Thus, if a site or service suffers a security breach, attackers will not be able to use the stolen usernames and passwords to log into any other existing account.
Security and privacy concerns
Many cybersecurity and digital forensics experts also recommend avoiding single sign-on above all. “Personally, I recommend that people do not use single sign-on services in their social network accounts. This practice represents a security and privacy concern for several reasons”, says Alan Woodward, security expert at the University of Surrey.
Choosing between convenience and security
Woodward says it’s easy to see why such an insecure practice as single sign-on exists: users, as well as service and app admins, wanted an easy way to choose a secure password, without having to select and manage many secure passwords for many different sites.
“The main issue is the security of logging into third-party apps. There is always a risk of identity theft if the single sign-on service has been compromised. A password manager will generate and store secure passwords that are different for each service, which is the best way to authorize access to each of the services we use”, mentions the expert in digital forensics.
Should we all consider using a password manager?
Yes. At least that’s what specialists from the UK National Cyber Security Centre think, as these kinds of tools provide huge benefits given the large number of passwords you have to remember. They allow users to generate complex and unique passwords for each site they use in a very simple way. That way, if a site is compromised, the attacker cannot reuse the victim’s username and password for other services.
The only thing the user should remember is their master password. “If you forget your password manager’s master password, you will not be able to re-enter”, the experts mention. In that case, the user will have to try to access all their accounts individually, or re-create them from scratch, a task that can be tedious or even impossible.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.