Frequently Asked Question
Which one is more secure, Google/Facebook login or your own login?
Last Updated 5 years ago
This is an interesting question and can invite debate. Both options have benefits. We list the benefits of each option below and leave the decision to you.
Using Social Login (Google/Facebook)
- You don't need to remember or manage another set of credentials.
- Auth0 uses the OAuth Authorization Code flow to authenticate you with the social provider. This is considered one of the most secure protocols for exchanging authentication details. Auth0 cannot obtain the user's credentials (password) during this handshake.
- Separate credentials for each website. Even if your Google/Facebook login is compromised, a hacker cannot access this website.
We advise using Google or Facebook login rather than creating your own login in Auth0. However, we would warn you to secure your Google/Facebook login with two-factor authentication and the other security options your social provider offers. If you enable enough security in your social provider, it is safe and easy to use social login on any website that requires the OAuth protocol.
If you decide to use your own login, we recommend NOT using the same email and password as your email provider or social providers. This is the main reason we advise using social provider credentials: you don't have the option to create new credentials, so the chance of duplicating or re-using a password is minimized.
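The Authorization Code handshake mentioned in the list above, as an added example that is not Auth0's or any provider's own code: a toy in-memory provider and relying party showing that the website's side receives only a one-time code and the resulting identity, never the password. All class names, the client ID and secret, the URL and the account are constructed for illustration.

```python
import hashlib, hmac, secrets

CLIENT_ID, CLIENT_SECRET = "relying-party", "constructed-client-secret"
REDIRECT = "https://app.example/callback"

def kdf(password):  # password hashing on the provider's side (constructed salt)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000).hex()

class Provider:
    """Toy stand-in for the social provider (Google/Facebook)."""
    def __init__(self):
        self.users = {"alice@example.com": kdf("correct horse battery")}  # constructed account
        self.codes = {}

    def authorize(self, client_id, redirect_uri, state, email, password):
        # Front channel: the provider's own login page, the only place the password is typed.
        if (client_id, redirect_uri) != (CLIENT_ID, REDIRECT):
            raise PermissionError("unregistered client or redirect_uri")
        if not hmac.compare_digest(self.users.get(email, ""), kdf(password)):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, email)
        return {"code": code, "state": state}  # everything the redirect carries

    def token(self, client_id, client_secret, code, redirect_uri):
        # Back channel: the code is single-use and bound to the client and redirect_uri.
        grant = self.codes.pop(code, None)
        if (grant is None or grant[:2] != (client_id, redirect_uri)
                or not hmac.compare_digest(client_secret, CLIENT_SECRET)):
            raise PermissionError("invalid_grant")
        return {"email": grant[2]}

class RelyingParty:
    """Toy stand-in for the login service on the website's side."""
    def __init__(self, provider):
        self.provider, self.state, self.received = provider, None, []

    def start_login(self):
        self.state = secrets.token_urlsafe(16)  # ties the callback to this login attempt
        return {"client_id": CLIENT_ID, "redirect_uri": REDIRECT, "state": self.state}

    def callback(self, params):
        self.received.append(dict(params))  # record everything this side ever receives
        expected, self.state = self.state, None
        if expected is None or not hmac.compare_digest(params["state"], expected):
            raise PermissionError("state mismatch")
        identity = self.provider.token(CLIENT_ID, CLIENT_SECRET, params["code"], REDIRECT)
        self.received.append(identity)
        return identity["email"]
```
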