Software Products
Cloud services
- Systancia Workroom
  - Systancia Workroom Session Service
    The secure remote access portal for all your applications in any situation (telecommuting, mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Try for free
  - Systancia Workroom Desk Service
    The secure remote access portal to your virtual desktops and all your applications in any situation ( telecommuting), mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Request a trial
- Systancia Cleanroom
  - Systancia Cleanroom Session Service
    Monitoring the access of empowered users and administrators to information system resources.
    
    Discover the service
    
    Try for free
  - Systancia Cleanroom Desk Service
    The sterile and disposable virtual administration office for monitoring access to information system resources by empowered users and administrators.
    
    Discover the service
    
    Request a trial
Solutions and use cases
- Telework
  
  In order to adapt to new practices in terms of mobility, teleworking or outsourcing, companies and organizations must allow employees to access the information system from outside via a transparent user experience in terms of ergonomics and performance, while guaranteeing the security of access from an uncontrolled workstation or network....
  Read the use case
- Regulatory compliance
  
  Compliance with multiple regulations is sometimes perceived as a constraint, but it is nevertheless necessary to ensure an effective IS security....
  Read the use case
- “SaaSifying” Applications
  
  Application virtualization allows organizations to make all their business applications available in SaaS mode....
  Read the use case
- Third party access (provider, ecosystem)
  
  To guarantee the adoption of users and the IT department, any IT solution must guarantee an optimal access and use experience while enhancing IS security and not be perceived as a constraint by the user....
  Read the use case
- Replacing an existing solution
  
  Regardless of whether it is a matter of guaranteeing IT security, optimizing the work experience or simplifying application management, companies and organizations may need to modernize and replace their obsolete IT solutions which no longer provide the innovations required to meet the challenges of digital inclusion....
  Read the use case
- Agility of access management
  
  Employee movements (turnover, internal rotation, outsourcing and mergers-acquisitions) require that the IT department benefits from real agility in order to facilitate these movements and increase the level of IS security....
  Read the use case
- Desktop or application virtualization
  
  Provide access to applications independent of the operating systems and devices used by an organization’s employees....
  Read the use case
- Access monitoring (traceability and access audit)
  
  Information system security (ISS) is mainly based on the security of its weakest link, which is also the essential element: the human being....
  Read the use case
- Digital Risk and Data Protection
  
  Due to the growing amount of data within companies and organizations, and the fact that these data are sometimes sensitive, it is essential to protect them against any potentially devastating risk of leakage, as we are reminded daily by the press....
  Read the use case
- The cloud as a lever
  
  For organizations, the cloud is a vector of flexibility and transformation of digital use, both for employees and the IT department. Contact us Photo credits : https://writix.co.uk Massively migrate the operating environment Today, IT departments must manage the rapid and asynchronous evolution of the various components of technologies such as server operating systems, applications, and workstations. Thus, server OSes progress at a different speed from the OS versions of the client devices, and an even different speed from business applications... Read More >>
Customer Success
Partners
Events
- Events
- Webinars
- Replays
Press
Blog

SystanciaBlogCybersecurityThe risks of Social Login

The risks of Social Login

You have seen it before, or even already used it to connect to a website, the social login seduces because of the simplification and time saving it provides to Internet users. This is a unique authenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows... More form that allows users to connect to different sites or applications through identity providers, for example via their Facebook, Twitter, Google, Apple or LinkedIn accounts, to name just a few. Technically, behind the social login, there are identity federation technologies, which allow to use a third-party credentials repository to log into an application.

By connecting via your favorite social network to an application or website, your data will be shared, allowing you to avoid tedious registration forms and the multiplication of IDs/passwords. Then, from the moment you are connected to your social network, you will only need one click to access these third-party applications and websites. However, the information shared may not always be limited to your full name and e-mail address. The third-party website may potentially have access to certain information, which is usually not required for a traditional registration. But this is not the main problem with social login; after all, some people will say that if you enter this data on a social network, it is because it is not that confidential.

The real debate about social login is the close relationship between the social network that allows you to log in and the third-party application or website. The day a failure occurs on the social network, you will no longer be able to connect to your other accounts as long as the incident continues. If someone steals your social network credentials, they will have access to all these third-party applications and websites where confidential information may potentially be found. If this person changes your password or if your account is deleted, you will lose access to all applications to which you used to log in via the social login. Even if social networks have sophisticated and effective cybersecurity tools, the risk of massive hacking cannot be eliminated either, and you may only find out once the damage is done. Facebook users have already been confronted to such a situation.

In 2018, because of a security breach, hackers were able to access up to 50 million Facebook accounts [01] in order to steal access tokens allowing them to connect to other websites or applications via the social login mechanism. Social login has therefore become a real cybersecurity issue since, now that social networks have a global audience, a vulnerability on a social network with several million users can potentially compromise other hundreds of millions of accounts linked via social login.

However, the scope of social login is often limited to users connecting to their personal applications. Indeed, this login mode using social networks is still limited in companies, particularly because of the dissociation between personal identity and professional identity. In order to allow the employees of a company to connect to applications of the same company or to allow the employees of a client company (B2B) to access services from a service provider, traditional ID/password pairs are still the most commonly used. It is rather in a B2C context that social login can be used. Many companies have chosen to allow users to use this authentication method, such as Airbnb, Booking or Air France. They use this mechanism to allow their consumer customers to use their “social” credentials to access their online services. There is also the case of an employee from a company who uses a social login to log into the online site of his company’s mutual insurance organization, if it allows it: it is not the company that manages this security, it is the mutual insurance organization. This is an example of “social login” in a company.

When it comes to personal use, social login therefore appears as a practical and simple solution to use, no configuration is necessary. The mere fact of having an account on a social network is enough. However, you should be aware that like all IT solutions, social login involves risks. The problem is that in this specific case, risks can quickly spread to all third-party applications and sites linked to your account.

References

Facebook: a massive hack has compromised 50 million accounts

https://www.01net.com/actualites/facebook-un-hack-massif-a-compromis-au-moins-50-millions-de-comptes-1533364.html

Published on 26 July 2019 by Jocerand Leroy

Themes

IAM cybersecurity CTO Developers

The risks of Social Login

References

Do not miss these events:

GITEX 2020 – Xlabs with Redington Gulf “Never Trust, Always Verify”

How to provide a simple and fast secure access for your IT providers?

How to best respond to Privileged Access Management regulations & directives

These articles may interest you :

Remote maintenance: Which tools should you choose?

Feedback on the ANSSI’s qualification of IPdiva Secure, now Systancia Gate

VPN vs ZTNA