OK, I have written about Google (many times recently but it is one of my favorite providers of many tech items) and I have also written about Facebook (not one of my favorites). However, today we look at them together for one reason. Sign in screens. And by sign in screens I do not mean for either Google or Facebook.
You may have noticed the following…more lately as it is becoming more popular.
You go to a new site, or even one you have used for years and you notice something added to the login screen. It allows you to login with your normal username and password. OK, you get that part. It is the same thing if you are setting up a new account for a new site. You then enter your username and password (or make up the 4,592nd password you have to remember for another site.) Easy…not always.
However, you also see two familiar logos saying, “Sign in with…” offering Google, Facebook, Twitter or some other site that many people already have accounts for. The majority of sites using this feature only use the two most popular mentioned above. Check the graphic below and see if you recognize it and the logos. 
Outlook.com (by Microsoft) even gives you an option to sign in with a GitHub account. Do not worry if you have not heard of that site since it is mostly used by program developers.
First off, as with all geeky things this form of login authorization has a geeky name, “Oauth.” Oauth stands for “open standard for authorization”, in case you are ever on Jeopardy.
So, like me you hit these sites and want to try it. Then you happen to think, “Wait a minute, what will this do with my security between Google and this XYZ.com site?” You wonder about who gets what information and then what they can do with it. I must admit, to me that was a bothersome scenario. So recently I investigated exactly what Oauth does.
It does not swap your password or make it known on the new site. It requests a token (an electronic ID) which says the person logging in with Google or Facebook, etc. has the correct credentials for those sites. That means you can be trusted to be you on the new site.
Now the password does not leave the authorizing site; however, some things may be shared. Facebook will share the FB public profile and/or your email address with the site. It has been stated in some places on the internet that they may also share access to your contact list. So far, I have not read about Google sharing, but I would not doubt it is or that it will happen.
Think about it, though. It is considered safer. For one, you are trusting Google, Facebook or the other big players out there to have better security than a smaller site you are signing into can provide. If the new site gets hacked they do not get your username and password since they are held by the authorizing site.
I especially like that you have one less username and password combo to keep up with. BIG WIN!
