Ping Identity believes third-party access could be simplified by using social media credentials.
CIOs should grant contractors access to their networks via their social media credentials, according to a security company.
Single sign-on specialist Ping Identity claimed IT could enable a degree of access to company data for third parties by letting them log in using their social media credentials, rather than provisioning temporary passwords for them.
EMEA marketing director Clare Rees told CBR that workers value their Facebook, Twitter and LinkedIn log-ins more than their work passwords, and so social media credentials could actually prove a more secure option.
"That probably gives IT departments in organisations a heart failure," she said. "But it’s more personal.
"IT doesn’t want to manage all of their contractors within their own identity directory, so they could use a social identity log-in to say ‘yes, this is the right person’."
The social media log-ins would appear encrypted to IT, though Rees conceded the issue for CIOs would be to decide what level of access to grant external parties signing in with their Facebook credentials.
"If it’s properly secured then that’s something that could be of interest," she added. "It’s the challenge of making it convenient but keeping it secure."
However, CIC principal analyst Ian Murphy warned against the idea, claiming social media passwords were not strong enough to satisfy IT.
"Also, you don’t know if those credentials have been sold," he added. "If I’ve hacked your Twitter account I could then sign on as you and the company freely lets me have access.
"Most contractors are unlikely to admit to an employer they’ve been hacked."
Forrester Research’s security and risk principal analyst, Eve Maler, said IT could actually boost their own security measures by utilising recent innovations by Facebook and Google.
The tech giants have added security measures to recognise when a user is accessing their account from a new device.
She said: "They’ve turned on the capability to know I’m coming in on a previously seen device, and to block me on a new device. I can actually see [the use of social log-ins] being plausible in not that many years."
The concept of using social media credentials has already been adopted by consumer-facing firms trying to avoid losing potential customers who are put off by having to fill out onerous online forms or come up with yet another password.
Ping Identity said its own research found that 80% of consumers had locked themselves out of websites because they couldn’t remember their log-in details, while 71% had abandoned online forms.
But both Facebook and Google were victims of a massive hack in December 2013 that saw two million passwords stolen via keylogging malware installed on computers around the world, according to researchers at cyber security firm Trustwave.
While Maler brushed this off, her colleague Andrew Rose was more sceptical.
"It doesn’t fill me with confidence," he told CBR. "That makes me think that this is something that sounds like a convenience but one that I wouldn’t rely on for anything of any consequence."