How Single Sign On Works. - GoTechTalk


Saturday, July 20, 2019

How Single Sign On Works.


You probably also have grown weary of having to sign up for a new account over and over and over again so whenever you see one of those super convenient buttons that says sign in with Facebook or Google or soon sign in with Apple you eagerly click on them but how do they work and are you possibly giving away too much of your personal information.

So these buttons use a protocol called OAuth which takes advantage of the fact that services like Google and Facebook have enormous user bases and many of those people use them as primary services for communication and they already store their personal details in them like their names and email addresses the kind of basic stuff that many sites would require for your account activation regardless of how you sign up,  So what OAuth does is it allows whatever third-party site you're trying to register for to access your Google or Facebook account but not in its entirety\ instead the site is only allowed to view certain pieces of your account typically a name and email at the minimum and maybe a profile picture so OAuth manages this by first checking that you are actually signed in to your Google or Facebook account then assigning a special access token and a secret which is basically a password to the third party site so that Google or Facebook know only to give that site access to certain parts of your profile, now an important note here is that OAuth doesn't reveal your actual Facebook or Google account password so shady sites can't access or modify more information than they explicitly tell you that they will and that you authorize them to do.

One key though is to double-check what permissions you're giving the site because many of them will allow you to modify what parts of your profiles they can access so that you can prevent a situation like you know some site that you use for promo codes constantly posting embarrassing coupons to your Facebook Timeline.

For the most part this single sign-in works well and is quite convenient but of course in the world of tech someone is always trying to find a way to do it better and Apple thinks it indeed has something superior with its new sign-in with Apple service, so first up is integration with face ID and touch ID in an effort to give the sign-in process a boost in both convenience and security so that's pretty cool, but it's not necessarily even the main selling point here one of Apple's big innovations is that sign-in with Apple will actually permanently hide your email address from third-party servicesthis is important because in some ways an email account is kind of a master key because it serves as a master account with password reset capabilities for many other accounts so you don't want it just floating around out there looking like a juicy target so instead of getting it out like free candy Apple will generate a random new anonymized email address that is linked to your account for every service that you sign up for this has the benefit of improving your anonymity online and also making it harder for unscrupulous sites to sell your actual email address to third parties or to spam you.

Additionally Apple claims, but because they make their money selling you iPhones and Macs and monitor stands and what not, your sign ins across multiple services won't be used to track your activity by contrast Google and Facebook do keep track of what third-party sites you've signed into with their single sign-on solutions to help serve you relevant ads so that's Apple's pitch and it sounds pretty good, honestly so hopefully they'll stick to their promise not to track you especially because they're going to make sign-in with Apple a requirement for any app on the AppStore that also uses single sign-in options from their competitors.

1 comment: