
23 comments on “Should I Log In With Facebook?”

  1. “There’s no way for PhoneZoo (or any of these services) to associate an existing account that they have setup with a Facebook account that you then use to login later.”

    Many sites will let you tie your Facebook login and your unique site login together if you create separate accounts for each.

  2. If you choose to log in to a site via Facebook, does that create any kind of tie between your Facebook account and that site? I’m envisioning something like this:

    – I log into skeevysite.com with my Facebook account
    – A Facebook friend of mine also logs into skeevysite
    – My Facebook friend sees my Facebook account profile listed on skeevysite’s page, under “Friends Of Yours Are Also Members of Skeevysite!”
    – Or, skeevysite posts to its Facebook account, “Veronica has just joined Skeevysite.”
    – Or, skeevysite posts to my Facebook page, “Veronica, we’re so glad you’ve joined Skeevysite!”

    (Not that I actually do anything scandalous on the internet…I’m just a privacy-minded person.)

  3. I think it’s a major breach of security to even ask for your Facebook log-in information on a 3rd party website. Asking for your hotmail, yahoo etc. information is the same deal.

    Like the author stated, although a pain, create a separate username/password for each and every website you wish to be a member of.

    The security risk is likely greater than you can possibly imagine if you start freely giving away info. to 3rd party sites. Don’t do it.

  4. I don’t use the system mentioned to log on to any other site through F.B., but I do know that many times I’ve searched online parts sites for electronics & what not and it’ll come up with a message or page that states “Like this such & such site? Click like to link this site with your F.B. account and let your friends know you like our site” etc… which in turn links your F.B. to the site you’re shopping/searching/etc… & posts a message on your wall, now timeline or whatever, that you “like” such & such site and linked it to your F.B. account and asks your friends if they want to visit said site click “like” blah, blah, blah.
    Quite the involved nuisance if you ask me.
    I keep everything separate & use LastPass to keep track of the IDs & passwords if I want to join the site/forum/store I’m interested in.

  5. Using the login credentials from a service like Facebook as a form of authentication for another service is really no different than the SSO (single-sign-on) authentication that a business may use. SSO authentication makes it possible for an IT department to centralize user accounts and login credentials in a secure way and then employees/users do not have to remember as many sets of usernames and passwords. The primary differences between the two situations are that using a service like Facebook is free and a highly-targeted online resource and that a lot of data (from the free authentication service and the other – also most likely free – service) is being mined for (most likely) advertising purposes.

  6. Hi, I just have a concern about storing all my important passwords in LastPass! How can you trust them ultimately with all of your important passwords? And what happens when LastPass gets hacked and everyone’s important passwords get breached?

    Cheers

    • The password vault is stored encrypted on the LastPass website. LastPass can’t see your password. If you use a long, strong, unguessable password (no dictionary words, at least 14-20 characters long), your file should be uncrackable. LastPass, themselves, cannot open that file.

    • I trust them because (and this is important) they can’t see my passwords. The only thing ever uploaded is encrypted data that they don’t have the keys to decrypt. Only YOU do by virtue of knowing your master passphrase.

      They’ve never been breached (all rumors to the contrary are actually wrong — they took proactive action once when they saw suspicious network activity, but never once has LastPass data been compromised). And once again, even in the event that they had been breached, all the hackers would have is encrypted data with no way to decrypt it.

    • Agree with Leo and Mark. In addition you can use various forms of two-factor authentication and also restrict logins to only be from specified countries (which you can change at any time if you are planning to travel).
      I have used LastPass on phone, tablet and laptop, for a number of years and now cannot even remember any of my passwords. That’s how confident I am that it is safe and secure.

    • You could also use KeePass – it is open-source and you can store your passwords wherever you want. And while I will always take any opportunity to plug KeePass, I would not be afraid to use LastPass.

    • KeePass may be a great program, but I prefer a more widely used program such as LastPass or LogMeIn because widely used programs have been tested much more in millions of computers. That gives me more confidence that most of the bugs have been ironed out.

  7. What is your view of Dashlane?
    Is it as secure as LastPass or LogMeIn?
    How can you truly know that in any of these password managers “they can’t see my passwords”?
    And how can you know that they’ve never been breached?
    Would they really publicize a breach?
    And if you are even talking about breaches, that gets me to worrying.
    You may have confidence that “most of the bugs have been ironed out,” but how about the bugs that as yet haven’t?
    Ultimately I am assuming that there is a human being who can interpose him/herself in the chain of encryption somewhere, assuming the encryption has been set up properly to begin with.
    I have always been taught: “Never say never.”

    • LastPass, specifically, was analyzed some years ago by Steve Gibson — a geek that many of us in the industry trust for his ability to analyze software and how it works. The rest is all about trust.

      Look, if you don’t trust them, then don’t use them. Nothing says you have to use them. You’re just giving up the convenience that many of us who do trust are afforded. I happen to trust LastPass because of Steve’s analysis, and because of everything that they have said publicly.

      Whatever technique you use, make sure you use LONG STRONG passwords, and DIFFERENT passwords for every site. And however you keep track of them yourself, make sure THAT is secure as well. (No post-it notes, for example. :-) ).

    • Or, you could use KeePass (can you tell I recommend them?). It is open-source, so you can examine the code and see for sure that they are not “seeing your passwords”. I do love and use KeePass, but it’s not because I don’t trust LastPass – I would be confident to use them, I’ve just never felt the need. I guess it’s a matter of where you want to take the risk – I think it’s far *less* risky to use a password manager than *not* to use one. (Not to mention convenient.) Good luck!

  8. A bit off topic, but equally as important – all readers should visit Steve Gibson’s site and run the security tests offered.

  9. Okay, I get it. Don’t use Facebook or Google to sign in. But here’s the unanswered question, i.e. how do you recover from this error? If you’ve already done this “unthinkable idiot” move at a website as I unfortunately have, how do you undo it? Do you just establish another login and don’t use FB/Google link again? Or is it just too late ‘cuz FB/Google already has your info and just continue using FB/Google sign-in method?

