Social & Mobile Login

Combined Session
Wednesday, May 14, 2014 14:30—15:30
Location: AMMERSEE I

Evaluating the Risks of Social Login

While information security people have been rather reluctant about social logins, there has always been pressure from Marketing, Sales, and Business Development departments. InfoSec people have urged caution for reasons such as the authentication strength and assurance of these services. Marketing, on the other hand, has seen social login as a "must have" feature for customer convenience and for appearing "modern". There is value in BYOI (Bring Your Own Identity): it enables the customer to use one ID for multiple services, avoiding redundant registration and the "password sprawl" that requires them to keep many passwords in mind. But unfortunately, social logins are not secure. New initiatives, such as the FIDO Alliance, are pushing more secure approaches for BYOI that can work with or without social logins.

Aside from the information security aspects, there is another challenge, which so far has been widely ignored. It is the simple question: Is supporting social logins really good for business? Looking at the way the social networks operate and at their business models, supporting social logins means massively leaking information about your customers, leads and prospects to third parties, like Facebook or Google, and through those possibly even to your competition. How does this influence your benefit/risk equation?

In this talk, Mike Small will take a deeper look at how social logins can create competitive disadvantages and at the alternatives for providing BYOI without the risk of leaking information to competitors.

Mike Small
KuppingerCole
Mike Small is the retired director of security management strategy of CA, where he was responsible for the technical strategy for CA's security management software product line within Europe,...

How to Enable Social and Mobile Login – and Beyond

In this thought leadership panel, the panelists will discuss the various options for securely enabling social and mobile logins in existing on-premise IAM infrastructures and by adding Cloud-based services. Supporting these environments is a common requirement, and IT organizations have to be able to react to it. In particular, they must support mobile security as part of this, in the context of secure access to information (and not only by protecting devices). However, today’s approaches – namely the plumb support of social logins – will face change. Thus, the panel will also look at alternative solutions for supporting BYOI – for mobile users and others. New features of mobile devices, such as NFC or integrated fingerprint readers, provide new opportunities for mobile security and BYOI.

Ian Glazer
Salesforce
Ian Glazer is the VP, Identity Product Management, at Salesforce. His responsibilities include leading the product management team, product strategy and identity standards work. Prior to that, he...
Dr. Michael B. Jones
Microsoft
Michael B. Jones is a Standards Architect at Microsoft. He is an editor of the OpenID Connect specifications, several IETF OAuth specifications, including JSON Web Token (JWT), the IETF JOSE (JSON...
Christian Patrascu
Oracle Corp.
Christian (born 1976) is the Director of Product Management – Oracle Fusion Middleware in Europe, Middle East and Africa (EMEA). He has been working for Oracle Development since the beginning of 2007....
Daniel Raskin
ForgeRock
Daniel has more than 15 years of experience building brands and driving product leadership. Prior to joining ForgeRock, he served as Chief Identity Strategist at Sun Microsystems. Daniel has also...
Don Schmidt
Microsoft
Don Schmidt is a Principal Program Manager in the Windows Azure Active Directory engineering team at Microsoft with over 30 years of successful software and standards development experience in...