How many Stack Exchange logins should I have?

Adding logins means adding alternative methods to access your account; see this page for details.

Thus, additional logins cannot reduce the risk of hostile hijack; in fact, they can only increase the risk since they provide additional entry routes for the attacker. If you have several logins, then your "security level", formally, is no more than that provided by the weakest of the involved authentication systems.

Additional logins are meant to avoid being locked out if an authentication provider fails (e.g. ceases to operate). This can be viewed as extra "security", not against attackers, but against disasters.


If someone compromises your StackExchange account, can't they just unlink all your recovery options? Assuming they can't, the model is that:

  • Losing any of the accounts linked to SE is a "compromise".
  • If any of the other accounts linked to SE is not lost then you can "recover".

On this model, 2 seems reasonable by your own analysis:

  • 0 is no good, you can't log in to SE at all ;-)
  • 1 is no good, you have no chance of recovery following a compromise.
  • 2 is the least number of accounts with non-zero chance of recovery. Provided that losing one does not compromise the other, then in fact it gives you a pretty good chance of recovery, since losing accounts is rare and losing two in quick succession is very rare.
  • Additional accounts increase the chance of compromise, and the additional chance of recovery must diminish rapidly because the recovery chance is already good.

As I said, however, I'm not confident of the model. I've never tried to unlink something from my SE account.

The "provided" is quite a big one. If your Gmail account is also the recovery option for your Facebook, then losing your Gmail account means you've a fair chance of losing Facebook too. So adding Facebook to StackExchange would have a less dramatic effect on your chance of recovery following compromise via Gmail.
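
The model in the answer above, worked through numerically as an added example that is not part of the original answer. Assumptions: every login is lost independently with a constructed probability of 1%, a dependency such as Gmail being Facebook's recovery address is treated as a certain cascade (the worst case), and the function name `risk` and the login names are illustrative.

```python
from itertools import product

def risk(p_loss, cascade=None):
    """Return (P(compromise), P(recovery | compromise)) for a set of linked logins.

    p_loss:  login name -> probability of losing that login on its own (assumed independent)
    cascade: login name -> logins that also fall when it is lost (assumed certain)
    Model from the answer: compromise = at least one linked login lost,
    recovery = at least one linked login still under the owner's control.
    """
    cascade = cascade or {}
    names = list(p_loss)
    p_comp = p_rec = 0.0
    # Enumerate every lost/kept combination and weight it by its probability.
    for flags in product([False, True], repeat=len(names)):
        prob = 1.0
        for name, is_lost in zip(names, flags):
            prob *= p_loss[name] if is_lost else 1.0 - p_loss[name]
        lost = {n for n, f in zip(names, flags) if f}
        # Propagate dependencies until no further login falls.
        frontier = list(lost)
        while frontier:
            for dep in cascade.get(frontier.pop(), []):
                if dep not in lost:
                    lost.add(dep)
                    frontier.append(dep)
        if lost:
            p_comp += prob
            if len(lost) < len(names):
                p_rec += prob
    return p_comp, (p_rec / p_comp if p_comp else 0.0)

if __name__ == "__main__":
    P = 0.01  # constructed per-login loss probability
    for n in range(1, 5):
        comp, rec = risk({f"login{i}": P for i in range(n)})
        print(f"{n} independent logins: compromise={comp:.4%} recovery={rec:.4%}")
    # Two logins where losing Gmail also loses Facebook.
    comp, rec = risk({"gmail": P, "facebook": P}, {"gmail": ["facebook"]})
    print(f"gmail -> facebook:      compromise={comp:.4%} recovery={rec:.4%}")
```

With these numbers, going from one login to two raises the recovery chance from 0% to about 99.5%, while a second login that depends on the first only reaches about 49.7%.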


Simply put, additional logins would have 2 effects:

  • It increases the risk of attacks and account compromise

but on the other hand,

  • It lowers the impact of a successful attack by limiting the perimeter of data accessed.

Then it's up to you to decide based on the risk you accept, and the balance you want in terms of usability versus security.