It looks like Google Login which I wrote about years ago is here to stay. But from the emails I get, there are concerns about its use.
I am not referring to your login to Gmail.com, Google Maps, or any of the other many Google applications or sites. If you do not have a Google account or would like to know more about one, use this link (ghtech.site/ght-youtube). It will take you to YouTube where you can view my free Google Training sessions.
Back to the subject I started with. It has been in use for several years. It is where you are supplied a link stating that you can use Google to login to a non-Google site. Also, you may see a link not only for Google but Facebook and occasionally links for Apple, Microsoft, and/or Twitter.
You go to a new site, or even one you have used for years, and you notice something added to the login screen. It allows you to login with your normal username and password. OK, you get that part. It is the same thing if you are setting up a new account for a new site. You then enter your username and password (or make up a new password you have to remember for the site.) Easy…no it is not, you have too many passwords to remember.
However, you also see two familiar logos saying, “Sign in with…” offering Google or the others mentioned previously. Most sites using this feature only use the two most popular mentioned above. Check this article on DoubleClicks.info for some graphics.
First off, as with all geeky things, this form of login authorization has a geeky name, “Oauth.” Oauth stands for Open standard for AUTHorization.
So, like me, you hit these sites and want to try it. Then you think, “Wait a minute, what will this do with my security between Google and this XYZ.com site?” You wonder about who gets what information and then what they can do with it. I must admit, to me that was a bothersome scenario. So recently I investigated exactly what Oauth does.
It does not swap your password or make it known on the new site. It requests a token (an electronic ID) which says the person logging in with Google or Facebook, etc. has the correct credentials for those sites. That means you can be trusted to be you on the new site.
Now the password does not leave the authorizing site; however, some things may be shared. Facebook will share the FB public profile and/or your email address with the site. Some sites on the internet state they may also share access to your contact list. So far, I have not read about Google sharing, but I would not doubt it is or that it will happen.
Think about it, though. I consider it safer. One other thing I suggest going along with this for even more security. Make sure you use Google’s “2-Step Verification” or “Multi-Factor Authentication.” You can find that when you log into your Google account at myaccount.google.com. If you have questions, please let me know.
I especially like that using Google to log into other sites you have fewer usernames and passwords to keep up with.
I get this question all the time, so make sure you read this info.