Art into Science How To Prevent Social Login Abuse - with Ido Safruti
New account registrations on a SaaS site suddenly spike from 100 to 900 per hour. Is it an attack? The first clue: all the new “users” registered via either Facebook or Google social login. Third-party login services like those offered by Google or Facebook are commonly used on websites and services to secure the login flow and streamline the registration process. While this helps validate that the user has the appropriate credentials for the third-party account, it doesn’t ensure that the session or the user itself is legitimate.
PerimeterX CTO discusses:
- The risks when using third-party login services
- Bad implementations of third-party login services and ways third-party login services have been abused for fraud, distribution of malware, or other benefits of the attackers
- Best practices and guiding principles for a secure implementation of social logins to your site