Frequently Asked Questions (FAQs)

What are the most common reasons for login failure?

If you are unable to login, you must check following on priority to resolve the login issue:

  1. Keyboard CAPS lock is OFF
  2. You are not using an old password
  3. Your given email/login-name is valid
  4. The website is correct and not a phishing website
  5. You are not using VPN, as some sites do not allow to use VPN
  6. Make sure the internet connection is active, as the login form may be loading from browser cache
  7. If the site requires captcha, it must be valid. Regenerate if its not readable

Is using OAuth to login a website secure?

Yes. OAuth is a standard protocol that is used to login into a website without creating an account. It saves time to login and relieves one remembering another account credentials. Most common providers are Google and Facebook. If you have their account, feel free to login using them on a third party website.

Can a website where I login using OAuth, access my account password?

No. Assume you are using Google OAuth provider and login at example.com using google account. Google does not expose your password to example.com but only sends a token on successful authentication that is used by the application to access authorized information.

Can a website where I login using Oauth access all my data?

No, it depends. When you login using OAuth, after the successful authentication, the provider shows a list of permissions that application asks for. For example, if you are using Google, the application where you are trying to login, it may ask for permission to read all contacts. If you are using Facebook, it may ask for permission to post a status on your behalf or publish or update pages you have created. There can be many such permissions. Permissions is a list of privileges that delegate to a third party app. If you are concerned that a certain permission the application asks for may cause some issue for you, you should not allow that permission in the Authorization or Permission window that appears after the authentication or login window. Using permission carelessly may cause a big issue, as you are delegating your authority to someone else.

How I can revoke the granted permissions from a third party app?

Each OAuth provider maintains a list of applications along with permissions you have granted to each application. To revoke those permissions, you can remove the app from the list of apps using the provider dashboard or explicitly remove a specific permission shown under that app (for example, on Facebook, find it under Settings > Apps and Websites tab on left). Often these granted permissions expire automatically after sometime. The provider’s dashboard shows which apps are expired, that means the token that provider issued to the app has expired and the app can no longer access the data on behalf of the user until the user authenticates and grants the permission again.