Here's a possibly unpopular #Infosec opinion.

For ordinary non-corporate end users, SSO systems like "Sign in with Google/Microsoft/Facebook" are a bad idea.

Here's the reason. It's possible to get banned from an entire ecosystem based on a perceived infraction on one site, and there have been multiple cases of this happening. When these bans occur, they can stop you from being able to use that SSO system, locking you out of every account that uses it.

Ordinary end users have very little chance of getting a sensible response from mega-corps when this happens.

The impact of being locked out of all your systems if this happens is high, and possibly a worse outcome than losing an individual credential because of a hack when you're managing your own credentials.


@raesene I really dislike SSO. You are also potentially trading away some privacy locks for convenience. The SSO at the company I work for includes access to personal and payroll information. Pull a fire alarm and see how many workers leave their computers unlocked.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.