If given the choice by a new web-app or website, I will quite often use my Facebook, Twitter or Google account to sign in instead of having to go through another sign-up process with probably another username to remember. Social sign-ins make life so easy. You’re already logged in to Facebook/Twitter/Google on your computer, so all it takes is one click and you’re in and able to utilise the member benefits of the site/app.
However, it also puts you at risk, because all these apps and sites are able to access your personal information and make connections to your social network. OK, you can probably trust Facebook/Twitter/Google with your sensitive data, but as soon as you use these big guns to talk to a third party, who knows what could happen?
I’ve had my Google account hacked before; all my emails were deleted and my contacts were sent a spam virus by me via Gmail, Facebook and Twitter. So I changed my password on all 3 to something pretty strong including capitals, letters and numbers.
I’ve now had my Facebook account cloned! CLONED!!! This new Facebook account has my name, my profile pic and my information, and is starting to add all my friends, probably so it can send them spammy messages. I’ve informed Facebook so I’ll have to wait and see what they do, and I’ve changed my password (not sure that was the issue though).
All of this makes me think about how someone could have got my password or hacked into my accounts, and I’m sure it’s something to do with third parties having direct access into my social accounts. But how do you find out? I’ve signed up to loads of websites and apps using Facebook Connect and Twitter OAuth. Google Plus has asked me to connect my Twitter, Facebook and LinkedIn accounts now too! Where’s the leak?
My recommendations
Check which sites you’ve authorised to connect to your social accounts
You can do this on Google by clicking your name (right-hand side) in the toolbar across the top of the Google homepage, and clicking Account Settings from the drop-down. Then select Edit next to ‘Authorizing applications & sites’. If there are any you don’t use anymore, or any you don’t recognise, revoke the access.
In your Twitter settings, click on the Applications tab. If anyone knows how to do this with Facebook, let me know please!
Don’t use Google or Facebook for social sign-ins
It’s most likely that you have more sensitive information on Facebook and Google. Twitter does not need to know your life story for you to get the most out of it, so if you do need a social sign-in, use Twitter Connect (OAuth) where possible.
Of course, to be even more cautious, take the time to sign up to the website/app properly.
