Do not use Facebook Single Sign On

Last week, Facebook discovered a security issue that affects more than 50 million accounts. But don’t worry, there’s no need to change your Facebook password. The attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts.
Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
This also means that whoever got the access token can also access third-party apps that use Facebook login, which is why I always tell people not to use Facebook Single Sign On. It's a single point of failure. Once someone gets access to your Facebook access token, they have access to all your apps that use Facebook Single Sign On. It is better to register a separate account with each of your apps instead of relying on Facebook Single Sign On.
