It is a common scenario in organizations that the marketing department, business development, or the sales department asks the IT department to support social logins on some of the corporate websites, including eCommerce sites. Admittedly, IT also sometimes proposes such functionality, having technology on hand that allows for simple integration of such social logins.
My colleagues and I have written about that topic before, primarily from an information security standpoint and as part of the BYOI (Bring Your Own Identity) theme. The main reason for social logins is that users want a simple way to log in to applications. Social logins are convenient, but limited in their identity assurance.
However, there is another aspect of social logins I have not seen discussed so far, neither by IT nor by marketing people. It is about customer relationships, confidentiality, and competitive advantage.
So let us have a look at what happens when using social logins. Let us assume that there is a customer C who wants to access the eCommerce website E. He might use a social login, maybe using social network F or G. There might also be an advertising service A involved, and another business B, which also relies on social logins or works with that advertising service. Finally, there are other websites, let us call them D, so that we have all letters A to G in this example.
C logs into F (in fact, he remains logged in there). C accesses E. When he does that, he has the social login and BYOI experience. However, at that time F learns that C is a customer of E. As part of its business model, F uses that knowledge to provide information to an advertising service A (depending on the social network, that might be its own or an external one). B relies on that service as well. Thus, when C starts looking at other websites (D) that also might work with A, he might see adverts for goods related to his interests – adverts of business E or business B. Even more information might flow: information that is available in F because C has left a comment somewhere, or information that – as part of today’s or tomorrow’s business models – is sold by A or F to the competitor B.
This theoretical example shows that supporting social logins could be an excellent way to inform competitors about the interests of customers. Does this really make sense from a marketing perspective?
In essence, social logins obviously are not what marketing should request. But what are the alternatives for BYOI? The FIDO Alliance, which we covered several times in our posts, might become a game changer in that area. They are not an IdP, but they support the flexible use of strong authentication methods. Combined, for instance, with strong authentication integrated in devices, such as fingerprint readers in mobile devices, this is a way for users to easily register with websites using strong authentication, without relying on a social login. However, the FIDO Alliance does not provide the user’s attributes in the way social networks can. Some of the authenticators could do so, and other IdPs (Identity Providers) could as well, based on strong yet simple authentication.
BYOI is not about social logins only. It is about enabling users to use their “own” identity – a preferred one, chosen by them – with various relying parties (RPs). From a marketing perspective, it might be well worthwhile to evaluate the alternatives to social logins when requesting support for BYOI.
Learn more about the challenges of social logins in our webinar next week (in German language): “Marketing will das Facebook-Login. Und was ist mit der Informationssicherheit?”