If one of your go-to passwords is compromised, credential stuffers and phishers can access all the accounts you secured with that password. The best way to get around that is to use a password manager, which creates strong, secure passwords wherever you need them. Like SSO, password managers can also become a single point of failure if an attacker takes over control of your devices or steals your unique master password. But unlike single sign-on setups, a password manager doesn’t require you to rely on multiple random entities across the web.
The inherent risks aren’t just hypothetical. In September 2018, Facebook disclosed a massive data breach that impacted at least 50 million of its users and, among other things, exposed any other account those people logged into using Facebook SSO.
See Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere
#technology #security #passwords
So-called single sign-on options offer a lot of convenience. But they have downsides that a good old fashioned password manager doesn’t.