Social Logins

Is it secure for consumers (or employees) to set up accounts on third-party websites using their Google account, instead of using a username and a password?

We’ve often heard that consumers should avoid using their existing accounts to log in to third-party SaaS platforms. But is that always true?

Why would a cybersecurity company *encourage* its own employees to use their Google Workspace account to sign in to various SaaS platforms?

☑️ If you “log in using Google,” aren’t you just giving away your Google password to some random website?

☑️ How much information will that website get about you?

☑️ If you have Multi-Factor Authentication (MFA) set up on your Google account, will it follow you to this other website?

☑️ Does this approach make password resets easier or more difficult?

☑️ What about offboarding when an employee leaves? Is it easier or more difficult if they use social logins?

☑️ Visibility into which SaaS platforms your employees are using . . . better or worse?

☑️ Why would you want to put all your eggs in one basket?

Luke Jennings explains why in this Push Security blog post — “Should I let my employees login with their work Google account?”

Your own messaging or preference around social logins may or may not change after reading this.

But it’s always valuable to know what people are thinking.

Luke Jennings is Vice President of Research and Development at London-based Push Security. His MSRC BlueHat Oct 2023 presentation — The New SaaS Cyber Kill Chain — is now available on YouTube.

BlueHat Oct 23. S12: The New SaaS Cyber Kill Chain

— Anthony Collette
