A big challenger is about to change the way you use Facebook to log in on websites
There are two ways to log in on websites: try to recall the email address and password you registered with — or simply hit the “Facebook Login” button.
The convenience of the latter underscores the popularity of social authentication options. You’ll see Facebook and Google login buttons on popular sites including Netflix, Uber, Spotify, Imgur and Linkedin, just to name some.
Facebook itself estimates that some 350 million people log into a new app or site with their Facebook credentials every month.
Olga Kuznetsova, Engineering Manager at Facebook told us that the Facebook Login button ranks in the top three of consumer account creation and sign-in preferences worldwide.
More than 85 percent of the top 100 apps in the U.S. market use Facebook’s Account Kit gateway as a login, she added.
Reducing friction for users
Businesses and organizations are seeing value in social authentication services, says Ant Allan, Research VP at Gartner. He said these services help in reducing friction that users face while filling up forms and typing the password.
For users, social authentication on websites means they have fewer individual credentials to remember.
“Replacing dozens of passwords with a single one is great — I can create a stronger password and yet still remember it easily, since I’ll be using it all the time,” Lujo Bauer, associate professor at Carnegie Mellon University explains to Mashable.
“This means my accounts will be much less likely to be compromised by an attacker who guesses my weak passwords — since I might now be able to avoid using weak passwords,” he added.
Although the penetration varies from website to website, as many as 70 percent users opt for the social login option to access services, said Patrick Salyer, CEO of Gigya, which provides identity management tech to clients.
It’s more than just convenience
There’s more to universal logins than just a smoother experience.
Brazilian entertainment-ticketing service Ingresse, which boasts of more than 6 million registered users and claims to be the largest online and mobile movie-ticketing service in the nation, recently implemented Facebook as a login option.
Months later, the service, acquired by NBCUniversal’s Fandango last year, says it has been able to curb ticket frauds by an additional 55 percent.
India’s Saavn music platform says it has seen an increase of 33 percent in new daily registrations only two months after integrating Facebook.
According to a report by research firm Forrester, by 2012 alone, a substantial number of customers found it frustrating when e-commerce websites didn’t have social buttons during sign-up, and some of them chose not to buy the product from the site for the same reason.
But what about privacy?
Google and Facebook, which are also the biggest players in advertising business, already know too much about us, say privacy advocates.
If they know which websites we visit and how often we do, they could use this information for better targeted ads.
“What’s particularly worrisome about Facebook — or another single-sign-on provider — learning this information is that many users are likely to forget that by using Facebook Login they’re telling Facebook which sites they’re logging into and how often,” Carnegie Mellon University’s Bauer added.
Bauer also shared concerns about too little competition for Facebook and Google in the space. Fewer players means the incumbent solution providers have “less incentive to protect our privacy,” he said.
Good for privacy advocates, and us, that some tough competition is about to surface.
Big competition on the horizon
Several carriers in India this month started to notify select customers about something called Mobile Connect. The service, carriers Airtel, Vodafone, and Idea informed their subscribers, will make it even easier to login to several of their apps and websites.
Mobile Connect is an authentication solution that the GSMA, the global telecoms industry trade organisation, has been working on for over three years.
Through Mobile Connect, GSMA is offering users a much more convenient and “more secure” sign-in option, Jaikishan Rajaraman, global head of technology at GSMA told Mashable in a phone interview.
You’ll only need a phone number. No password.
Rajaraman isn’t joking about Mobile Connect being more convenient. The authentication service only requires users to enter their phone number when signing in. There is no password box. When a customer enters her phone number, her carrier vouches for her identity.
But for this, the user needs to be on cellular network and on a phone. On desktop, or on Wi-Fi network, they will receive a code as a secure USSD message, which they will need to provide with the phone number to sign-in.
Incredibly, over 42 operators in 22 nations are on-board with Mobile Connect, and the service is already live to over 3.1 billion people.
But there are only a handful of mainstream websites that support it for now, and it’s very likely you haven’t seen this option anywhere.
Much of that is because the GSMA is focusing on sectors that have shied away from getting Facebook or Google’s authentication buttons.
GSMA is in talks with the Indian government to add Mobile Connect authentication to banks and government websites including Indian Railways’ IRCTC, according to four people familiar with the matter.
Aadhaar allows people to authenticate themselves using fingerprint or iris scan. Over 1.1 billion residents of India have enrolled themselves to Aadhaar project.
GSMA has an advantage over Facebook’s and Google’s offering, Gartner’s Allan said. Because it’s a big trade body that works with telecom operators, it’s more trustworthy in the eyes of the government.
Now, it’ll just be up to them to scale quickly enough to beat Facebook.