Using social media for authentication: 3 pitfalls to avoid

Logging into business systems with social accounts comes with certain risks. Here's what you need to know.


At a software development conference some time ago, I found myself standing in a small circle of software experts, whom many would consider titans of their fields. I was introduced by a colleague as the “unknown expert.” Suddenly it became apparent how integral a social media presence had become and how much of a missed opportunity it was for me to not pursue.

You see, I’m one of those people who found the whole social media revolution a bit unnerving, and from the very beginning, I decided that I was going to keep my personal and professional life out of the public eye. I had the required social presence on sites like LinkedIn, but never took the plunge with a Facebook page or Twitter handle. And until recently, I had never even written a blog. I’d always thought that posting about my friends and family would open us all up to unnecessary risks. I turned out to not be entirely wrong. There have been horror stories of families posting about their vacation on social media only to return to ransacked homes, and of people being stalked online and harassed into hiding.

While I recognize my thoughts against my personal engagement in social media are a little old-school, I do understand that the companies I work with need to leverage social media for business growth and visibility, as well as to grant authentication into their systems for identity and access management purposes.

Given this need, let's take a quick look at three risks involved with using social networks and how to safely leverage these platforms.

Social engineering

Social engineering is a topic you should be familiar with, as it has become a popular cybersecurity attack method. In a social engineering attack, the attacker convinces the victim that their conversation (whether by phone, text, email or some other means) is legitimate and that the victim needs to share access or divulge their online privileged account information in order to solve a problem. For criminals engaging in this type of attack, social media offers a goldmine of useful information.

Think of the questions you’ve been asked to answer at security prompts: questions like what high school did you go to, or what is your dog’s name. Do you think that most of them can be answered with the most basic data collected from your social media?
