security christmas

Time to clean up your social logins

←Previous postNext post →

As the end of the year closes in, there are no shortage of tips on how to get your home ready for the festive season. We think you should take a time out, and consider which application should still have access to your social accounts.

A 2 min read written by
Lars Erik Wollan

Proving who we are on the internet is not an easy task and giving away more or less personal information to random websites just to be able to test the latest social network of the day or be able to comment on someone’s blog post was for some time a bothersome process where one had to create accounts for all the different services.

This issue was solved by several major companies, predominantly social networks, where most of use already had registered already.

The social login

Services as “Login with Facebook”, “Google Sign-In” with more, provide third parties a frictionless way to authenticate users on their site without requiring their users to create a new account on their site. In return the selected login provider receives more information on which sites you visit and an probably sell your more native content or advertisements. This can be a fair trade, the third party can authenticate the user, the user can use the service without creating a new account.

Reduce attack surface

For the purpose of this posting, we will not go in to the technical implementation nor the privacy implications, but we think that reducing your attack surface will improve your security and privacy online.

We suggest you login to your various social networks and see if you have given access to your personal information to any service or application your do not use.

We have found that doing it a yearly task, we are able to keep the number of services that have access to our Google account or Facebook profile to a bare minimum.

A few examples

Facebook

Go to the Apps and Websites tab under Settings in Facebook. There you can see which applications and websites can access some of your Facebook profile, or in some cases, your friends profiles.

https://www.facebook.com/settings?tab=applications&section=removed

Google

Login to your Google account and go the Google Account. Under Sign-in & security a link which open a list of connected applications can be found.

https://myaccount.google.com/security#connectedapps

Twitter

The Twitter web page let your access which applications are connected to your account. https://twitter.com/settings/sessions

Closing thoughts

We for sure had forgotten all about several of the application we had given access to our Twitter account back in 2015. So, let 2019 begin with a clean start.

←Previous postNext post →