What are the most common reasons for login failure?
If you are unable to log in, check the following first to resolve the login issue:
- Keyboard CAPS lock is OFF
- You are not using an old password
- The email or login name you entered is valid
- The website is correct and not a phishing website
- You are not using a VPN, as some sites do not allow VPN use
- Make sure the internet connection is active, as the login form may be loading from the browser cache
- If the site requires a captcha, it must be valid. Regenerate it if it is not readable
Is using OAuth to log in to a website secure?
Yes. OAuth is a standard protocol that is used to log in to a website without creating an account. It saves time when logging in and relieves you
of remembering yet another set of account credentials. The most common providers are Google and Facebook. If you have an account with them, feel
free to use it to log in on a third-party website.
Can a website where I log in using OAuth access my account password?
No. Suppose you use Google as the OAuth provider and log in at example.com with your Google account. Google does not expose your password to
example.com; on successful authentication it only sends a token that the application uses to access the information you authorized.
Can a website where I log in using OAuth access all my data?
No, it depends. When you log in using OAuth, after successful authentication the provider shows a list of permissions that the application is
asking for. For example, if you are using Google, the application you are trying to log in to may ask for permission to read all your contacts.
If you are using Facebook, it may ask for permission to post a status on your behalf or to publish or update pages you have created. There can be
many such permissions. Permissions are a list of privileges that you delegate to a third-party app. If you are concerned that a certain
permission the application asks for may cause a problem for you, do not allow that permission in the Authorization or Permission window that
appears after the authentication or login window. Granting permissions carelessly can cause serious problems, as you are delegating your
authority to someone else.
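One way to see which permissions a login request asks for before approving it, as an added example that is not part of the original FAQ: the script reads the scope parameter from an authorization request URL and sorts each permission into identity, read or broad. The sample URLs, the EXAMPLE_CLIENT_ID placeholder, the category names and the naming heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scopes that only identify the user at sign-in (allowlist assumed for this example).
IDENTITY_ONLY = {"openid", "email", "profile", "public_profile"}

# A "read"/"readonly" token delimited by ., _ or / marks a read-only permission
# (naming heuristic assumed for this example, not a provider rule).
READ_TOKEN = re.compile(r"(^|[._/])read(only)?([._]|$)")


def requested_scopes(auth_url):
    """Return the permissions named in an authorization request URL."""
    query = parse_qs(urlsplit(auth_url).query)
    raw = " ".join(query.get("scope", []))
    # OAuth 2.0 separates scopes with spaces; Facebook also accepts commas.
    return [s for s in re.split(r"[ ,]+", raw) if s]


def classify(scope):
    """Sort one scope into identity / read / broad."""
    if scope in IDENTITY_ONLY:
        return "identity"
    if READ_TOKEN.search(scope.lower()):
        return "read"
    # Anything unrecognised is treated as broad so that it gets a second look.
    return "broad"


def review(auth_url):
    """Map every requested scope to its category; empty dict if none is requested."""
    return {scope: classify(scope) for scope in requested_scopes(auth_url)}


# Constructed sample requests (EXAMPLE_CLIENT_ID is a placeholder).
SAMPLE_GOOGLE = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID"
    "&response_type=code&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback"
    "&scope=openid%20email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
)
SAMPLE_FACEBOOK = (
    "https://www.facebook.com/dialog/oauth?client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback"
    "&scope=public_profile,email,pages_manage_posts"
)

if __name__ == "__main__":
    for url in (SAMPLE_GOOGLE, SAMPLE_FACEBOOK):
        for scope, category in review(url).items():
            print(f"{category:8} {scope}")
```

A request that contains only identity scopes is a plain sign-in; anything marked read or broad corresponds to a permission worth checking in the provider's consent window.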
How can I revoke the granted permissions from a third-party app?
Each OAuth provider maintains a list of applications along with the permissions you have granted to each application. To revoke those permissions,
you can remove the app from the list of apps using the provider dashboard or explicitly remove a specific permission shown under that app (for
example, on Facebook, find it under the Settings > Apps and Websites tab on the left). Often these granted permissions expire automatically after
some time. The provider’s dashboard shows which apps have expired, which means the token that the provider issued to the app has expired and the
app can no longer access the data on behalf of the user until the user authenticates and grants the permission again.