Evaluating the Risks of Social Login
While Information Security people have been rather reluctant regarding social logins, there has always been pressure from Marketing, Sales, and Business Development departments. InfoSec people have urged more caution for reasons such as the authentication strength and assurance of these services. Marketing, on the other hand, has seen this as a “must have” feature for customer convenience and to be “modern”. There is value in BYOI (Bring Your Own Identity): it enables customers to use one ID for multiple services, avoiding redundant registration and the “password sprawl” that requires them to keep many passwords in mind. But unfortunately, social logins are not secure. New initiatives, such as the FIDO Alliance, are pushing more secure approaches for BYOI that can work with or without social logins.
Aside from information security aspects, there is another challenge, which so far has been widely ignored. It is the simple question: Is supporting social logins really good for business? Looking at the way the social networks operate and their business models, supporting social logins means massively leaking information about your customers, leads and prospects to third parties, like Facebook or Google, and through those possibly even to your competition. How does this influence your benefit/risk equation?
In this talk, Mike Small will provide a deeper look at how social logins can create competitive disadvantages and what the alternatives are to provide BYOI without the risk of leaking information to competitors.
How to Enable Social and Mobile Login – and Beyond
In this thought leadership panel, the panelists will discuss the various options for securely enabling social and mobile logins in existing on-premise IAM infrastructures and by adding Cloud-based services. Supporting these environments is a common requirement, and IT organizations have to be able to react to it. In particular, they must support mobile security as part of this, in the context of secure access to information (and not only by protecting devices). However, today’s approaches, namely the plain support of social logins, will face change. Thus, the panel will also look at alternative solutions for supporting BYOI, for mobile users and others. New features of mobile devices such as NFC or integrated fingerprint readers provide new opportunities for mobile security and BYOI.