<P> Furthermore, the use of single-sign-on techniques utilizing social networking services such as Facebook may render third-party websites unusable within libraries, schools, or workplaces that block social media sites for productivity reasons. It can also cause difficulties in countries with active censorship regimes, such as China and its "Golden Shield Project," where the third-party website may not be actively censored, but is effectively blocked if a user's social login is blocked. </P>
<P> In March 2012, a research paper reported an extensive study on the security of social login mechanisms. The authors found 8 serious logic flaws in high-profile ID providers and relying party websites, such as OpenID (including Google ID and PayPal Access), Facebook, Janrain, Freelancer, FarmVille, and Sears.com. Because the researchers informed ID providers and relying party websites prior to public announcement of the discovery of the flaws, the vulnerabilities were corrected, and there have been no security breaches reported. </P>
<P> In May 2014, a vulnerability named Covert Redirect was disclosed. It was first reported as "Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID" by its discoverer Wang Jing, a mathematics PhD student from Nanyang Technological University, Singapore. In fact, almost all single sign-on protocols are affected. Covert Redirect takes advantage of third-party clients susceptible to an XSS or Open Redirect. </P>
<Ul> <Li> Initial sign-on prompts the user for credentials, and gets a Kerberos ticket-granting ticket (TGT). </Li> <Li> Additional software applications requiring authentication, such as email clients, wikis, and revision control systems, use the ticket-granting ticket to acquire service tickets, proving the user's identity to the mailserver/wiki server/etc. without prompting the user to re-enter credentials. </Li> </Ul>
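<P> As an added illustration of the Covert Redirect paragraph above (not code from the original page or from any provider it names), the sketch below contrasts a host-only <code>redirect_uri</code> check at an identity provider with exact matching, and adds a client-side check that closes the open redirect itself. The client ID, URLs and function names are constructed for the example, and exact matching is shown as a commonly recommended mitigation rather than something the page states. </P>

```python
from urllib.parse import urlsplit

# Constructed registration data for a hypothetical relying party.
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}

# Constructed request value: same host as the registered callback, but it
# points at a redirector endpoint on the client instead of the callback.
SAMPLE_REDIRECT_URI = "https://app.example.com/go?next=https://other.example/"


def loose_match(client_id: str, redirect_uri: str) -> bool:
    """Weak provider check: accept any URL on a registered host."""
    host = urlsplit(redirect_uri).hostname
    return any(
        urlsplit(registered).hostname == host
        for registered in REGISTERED_REDIRECT_URIS.get(client_id, ())
    )


def strict_match(client_id: str, redirect_uri: str) -> bool:
    """Hardened provider check: exact string match on the registered URI."""
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def client_redirect_target_allowed(target: str, allowed_hosts: set) -> bool:
    """Client-side fix: a 'next'-style parameter may only name a local
    path or an https URL on an allowlisted host."""
    if "\\" in target:
        # Browsers treat backslashes like slashes, so reject them outright.
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be an absolute path on this site.
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme == "https" and parts.hostname in allowed_hosts


if __name__ == "__main__":
    print("loose :", loose_match("client-123", SAMPLE_REDIRECT_URI))
    print("strict:", strict_match("client-123", SAMPLE_REDIRECT_URI))
```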

Using Windows login credentials for single sign-on