Are You ‘OAuth-ing’ your identity away?

By , 14 April 2015 at 15:30

Passwords are how we protect our privacy online. Here we recommend some guidelines to safeguard your identity and data on the internet.

There’s no doubt that your identity is becoming your most valuable asset, on- or offline.

To risk it is to risk your income, reputation, business, credit and personal life. And yet, each day we blindly authorize it away. That’s precisely why I thought we ought to pause and delve into exactly what we are doing online, how we can be doing it better, and how to retake (some) control over who we’re giving access to day in, day out.

An open standard for authorization, usually abbreviated to OAuth, is how third-party mobile apps and websites gain secure access to your information via logins from super-platforms like Google. In a nutshell, using your favorite login, you authorize third parties to access your info – often including location, profile pic, name and email address – via two access tokens … “consumer key” and “consumer secret.”

The social media login of choice will ask you to authorize it to give the third-party app your info, outlining the specific info you are allowing access to. That token then allows the third-party app or site to access your protected resources, which are hosted by the resource server.

According to Software as a Service provider Janrain, in the last quarter of 2014, 43% of all of these logins came in via your Facebook account, but your Google account is closing in rapidly at 40%, gaining six percent in just three months. And while it holds only three percent overall, LinkedIn is the login you’re most likely to use to authorize a connection if you’re on a B2B site.

OAuth is actually more secure than creating a new account or having to type your Google, Facebook, LinkedIn, Yahoo or Twitter password into that third-party site. It means less-known third-party apps aren’t getting access to your credentials or unauthorized information, and, if one of those smaller apps goes down, your main Google login won’t be compromised.

But after that one-time authorization for something maybe you only used once, how often do you look back at what you’ve authorized? What can you do to protect yourself?

How Can You Know Where You’re Logged In?

If knowledge is power, knowing where you’re logged in is certainly powerful information. How many of us actually remember which sites we’ve used social media logins for? Speaking of the 83 percent lion’s share of logins, both Google and Facebook now have Privacy Checkups available at the top of your Account Settings. Among other things, they list the different apps you are connected to.

Go through and immediately ‘X’ or opt out of anything you don’t use – don’t worry, you can always log back in again later. Then, review the Visibility of the apps you do use and who can post on your behalf, setting it to “Me” for anything you don’t want anyone else to see. (Warning: This may take a while; you’d be surprised by how much stuff you’ve logged into!)
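The flow described above (you authorize once, the app receives a token limited to the info you approved, and the checkup lets you list and revoke it) can be sketched as a small model. This is an added example, not code from the original article or from any login provider; the `Provider` class, the `quiz-app` name, the scope names and the sample profile are all assumptions, and it models the idea rather than the OAuth wire protocol.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Provider:
    """Toy login provider: holds the password and the protected profile."""
    password: str
    profile: dict
    grants: dict = field(default_factory=dict)  # token -> (app, allowed scopes)

    def authorize(self, password, app, scopes):
        """Consent step: the password is typed here, never into the third-party app."""
        if not secrets.compare_digest(password, self.password):
            raise PermissionError("login failed")
        token = secrets.token_urlsafe(16)
        self.grants[token] = (app, frozenset(scopes))
        return token

    def resource(self, token, scope):
        """Resource server check: the token must be live and cover the scope."""
        grant = self.grants.get(token)
        if grant is None:
            raise PermissionError("token revoked or unknown")
        if scope not in grant[1]:
            raise PermissionError(f"scope '{scope}' was not authorized")
        return self.profile[scope]

    def connected_apps(self):
        """What a privacy checkup lists: each app and the info it can read."""
        return {app: sorted(scopes) for app, scopes in self.grants.values()}

    def revoke(self, app):
        """The 'X' in the checkup: drop every token held by that app."""
        self.grants = {t: g for t, g in self.grants.items() if g[0] != app}

def can_read(p, token, scope):
    try:
        p.resource(token, scope)
        return True
    except PermissionError:
        return False

def demo():
    # Constructed sample data: passphrase, profile and app name are made up.
    p = Provider("constructed-passphrase", {"email": "user@example.com", "location": "Berlin"})
    token = p.authorize("constructed-passphrase", "quiz-app", ["email"])
    before = (p.resource(token, "email"), can_read(p, token, "location"), p.connected_apps())
    p.revoke("quiz-app")
    return before + (can_read(p, token, "email"),)
```

The app only ever holds the token, so revoking it in the checkup cuts off access without touching the main password.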

How Not to Be Dumb with Passwords

Another cool thing in the Google Checkup is a reminder of the last time you updated your password. (Ahem, mine was 2011!)

One of the risks with OAuth is basic human error. How many of us use the same password for everything? And then have our personal computers, iPads, smartphones and work devices all automatically remembering that single password? Every day, hacker forums are publishing caches of millions of username-password combos. As hard as it is to remember them all, you have to have a unique, complicated, alphanumeric password, particularly for your social media login tool of choice. Really, it’s best to have different passwords for everything.


Can’t remember it all? Try the convenience of a freemium password management service like LastPass, where you have one very long master password – song lyrics are great, so long as you don’t hum out loud every time you type it in – and then LastPass encrypts the other passwords you access. It saves you the stress of having to log in all the time and forgetting your passwords, while keeping your passwords safer. This is just a basic overview of a couple of tricks to increase the security of your OAuth experience.
