While Information Security people have been rather reluctant regarding social logins, there always has been pressure from Marketing, Sales, and Business Development departments. The reasons given by InfoSec people to be more careful have been aspects such as the authentication strength and assurance of these services. Marketing on the other hand has seen this as a "must have" feature for customer convenience and to be "modern". There is a value in BYOI (Bring Your Own Identity), enabling the customer to use one ID for multiple services, avoiding redundant registration and the "password sprawl", requiring him keeping many passwords in mind. But unfortunately, social logins are not secure. New initiatives, such as the FIDO Alliance, are pushing more secure approaches for BYOI that can work with or without social logins.
Aside from information security aspects, there is another challenge, which so far has been widely ignored. It is the simple question: Is supporting social logins really good for business? Looking at the way the social networks operate and their business models, supporting social logins is about massively leaking information about your customers, leads and prospects to 3rd parties, like Facebook or Google, and through those possibly even to your competition. How does this influence your benefits / risk equation?
In this talk, Mike Small will provide a deeper look on how social logins can create competitive disadvantages and what the alternatives are to provide BYOI without the risk of leaking information to competitors.
