Often on sites you may be asked to log in using Google, Facebook or VKontakte. If you have an account in one of these services, you will not need to register from scratch: fill out your name, email and put your photo - all this will be done automatically. Let's figure out how it works and how safe it is.
This is a story about OAuth2 technology.
You can log into Yandex through Google. How do you like that, username?
What is it for
Every site is interested in new visitors, because they can then be sold a paid subscription or shown advertising. Therefore, it is beneficial for sites to make registration as simple as possible, ideally with the click of one button (or even without registration at all). If users have to register manually and enter all their details, there is a chance that they will fall off.
In parallel with this, there are services on the Internet that everyone uses: Yandex, Google, Facebook or Vkontakte. Why not take user data from these services?
This is why OAuth was invented.
Can I log into the page without knowing my username and password?
So, it’s easy to recover your password if you have a phone number. But there are 2 situations when the above method does not work:
- if the user has lost the SIM card or phone;
- if someone hacked the page and changed all the data (that is, both the password and the phone number).
If you do not have the SIM card you registered with, you will not be able to recover your password. You will have to contact VKontakte technical support to regain access to your profile.
To contact technical support, you must click on the “Click here” link, as in the screenshot. Next, the user will be prompted to enter the address of the page to which access needs to be restored. Another option is to find the page through search.
Button to contact VK technical service
After this, the following window will open where you will be asked to enter:
- the phone number to which the page is registered;
- any available phone number (it must not be linked to any VKontakte page);
- password (not necessarily the last one, just any one ever used).
Next is the standard procedure for receiving a confirmation code via SMS. The message will be sent to an available number.
After entering the code, a window with instructions will appear. Everything is very clear here, but you will have to spend some time. Firstly, the support agent needs a photo of the user in the background of the current page (the same one in the screenshot). Secondly, you need a scan or high-quality photo of your passport, driver’s license, or any other document that contains your name, surname and photo. If both photos match, the support agent will unblock access to the page. But you need to wait for an answer from him. The time varies - most often from 2 hours to 2 days.
Instruction window
Important! The support service will not help if your VKontakte profile contains a fake first and last name. This is the only case where data authenticity really matters. By deciding to provide “fake” data, the user takes away the opportunity to regain access to the page in case of complete loss.
OAuth is like a contract between sites
Yandex, Google or any other service that allows you to use your pass must accept a unified data exchange protocol.
To put it simply, they must agree: “We give each other data in this format, we accept it in this format, we trust each other.”
These agreements were enshrined in a single authorization standard - OAuth. It describes how to issue passes, how to check them and what to do in different cases.
Communications
The main purpose of a social network is to communicate and exchange information between users.
There are several communication methods that can be comfortably carried out from the full version of the site.
<Fig. 14 Own page>
- The Messages section is located in the left menu of the page - click on it to go to the list of conversations with users. Here you can see a list of conversations, and in the Search column at the top you can enter the user's name to find a dialogue with him. Open the dialogue by clicking on the message text preview;
<Fig. 15 Messages>
- Wall posts are a tool presented in the most convenient form in the full version of the site. Your page has a What's new?.. field - in it you can enter any information, add pictures, links to people and third-party resources, videos, music, documents. Depending on the settings you set, the post will be seen by all users, only your friends, or certain lists;
- Commenting on posts and files can be done without problems in the mobile version, but the full version is more convenient - to do this, click on the message icon under the post. Click on the heart to like or the arrow to share someone else's post on your page. Similarly, you can comment not only on posts on the wall, but also on photographs, videos or any other content (with the exception of audio recordings and documents);
<Fig. 16 Actions with a post>
These are the main elements of communication on the VKontakte website. They are presented with approximately the same composition and functionality in the mobile version and application of the site, but using them there is less convenient. In particular, it is inconvenient to link to users in posts, since the optimized version does not support pop-ups.
How single sign-on works
For the user, everything looks simple: he clicked “Login via Yandex”, confirmed to Yandex his desire to enter the desired site, and that’s it - you have already registered on the new site and can use it. But what's going on under the hood?
When a visitor, for example, to a website about programming, clicks “Log in via Yandex,” this site sends a request to Yandex and says: “Someone here wants to log into my site through your service, can you sort it out?”:
When Yandex receives such a request, it needs to understand what kind of visitor came to the site and whether he has a Yandex account. To do this, it shows a pop-up window where the visitor can log into his Yandex account. This is necessary so that the service understands in whose name to issue a pass for the site. If the user is already logged in to Yandex, he will be recognized immediately.
As soon as the visitor enters his username and password, Yandex recognizes him and asks if he trusts this programming site and whether Yandex can share data about his name and email with the site:
Next, Yandex gives your data to the site, it recognizes you, and you’re done:
How to log into the full (computer) version of the site?
The address https://vk.com is the full version of the site. By clicking on this link, a person gets to the computer version of VKontakte and can use all the functions of the social network in full.
Full computer version of VK version
In addition to the computer version, there is also a mobile version, as well as several convenient official applications for different operating systems (Android, iOS, Windows Phone, etc.). From a computer, it is best to use the full version: it does not “eat up” traffic, loads quickly and does not freeze even on weak machines.
How safe is it
Each site that uses OAuth determines what user data they want to see. For example, one site just needs to know your name and email, while another wants to download your photo and find out your date of birth.
When you sign in via OAuth, the service will tell you: “This is the data they are asking me for. Give access? When you allow access, this data will be transferred to the site. If you refuse, they won’t switch.
✅ Sites that use OAuth will not be able to read your email or private messages. But there are other technologies, such as social media apps, that can do much more.
✅ OAuth cannot send messages on your behalf or post to your news feed. But, again, if this is not OAuth, but a separate application for Facebook or VK, then this is possible. Remember all those games that post on behalf of players “I picked cabbage from my farm”? Here they are.
✅ Your password from Yandex, Google and other services is definitely not transmitted through OAuth. Services store passwords in encrypted form, so even if they wanted to, they would not be able to transmit them.
How to log into VK from a mobile phone?
A user who wants to visit VKontakte from a mobile phone has 2 options to choose from:
- open the website https://m.vk.com in your browser - this is a lightweight version of VK that retains all the basic functions;
- install a free application from the application store for his gadget.
There is no need to search for the application yourself: when you log in to https://m.vk.com, a link with the text “Install the application” will appear. By clicking on the link, a person is taken to the page of the current version of the application for his device. The application interface is very similar to the mobile version of the site, but it works a little faster, because it is optimized for a specific OS and phone/tablet model.
"Install application" button
Full version from a mobile device
As soon as you start loading the www.vk.com website on the pre-installed browser of your phone or tablet, it will automatically start loading the mobile version (on most phones the default settings are exactly this) www.m.vk.com.
How can you change this state of affairs if you need the functionality of the full version of the site?
To switch to it, follow the algorithm:
- Enter your credentials on the site - in the upper field the email address or phone number for which the account is registered, in the lower field - password (you do not need to do this if you are already logged in from a mobile device in the full version - credentials are automatic will also log in to the mobile version);
- The page will refresh - you will begin to see an optimized version for a mobile device;
- In the upper left corner of the program window, find a button with three horizontal stripes - click on it;
- A side curtain will appear with the main notification, your avatar, name and status, as well as the main set of available functions;
<Fig. 23 Mobile version>
- Scroll the contents of the curtain down to the very end - there on a gray background there are functions that do not belong to the main interface of the site, but are necessary in the mobile version;
- Find the penultimate line Full version and click on it;
- A notification will appear (with standard default settings) requesting a method for opening the version - the official application for VKontakte mobile devices or a browser (if the application is not installed at all, then such a request will not appear);
- For convenient use, choose a browser;
- Select the Now Only or Always option, whichever is more convenient for you;
<Fig. 24 Switch to full version>
- The page will refresh and the full version of the site will be displayed - use it comfortably by zooming the page with two fingers.
The transition process is quite convenient and fast, so it does not cause discomfort.
However, the mobile application further increases the loading/loading speed without requiring constant additional actions.
The functionality of such an application is quite complete.
<Fig. 25 Full version>
Important ! In order not to constantly switch to the full version manually on some phones/in some browsers, you can disable the automatic transition to the optimized version. But not all browsers and phones support this feature. However, you can look for it in your mobile browser settings.
How to log into your VKontakte page from someone else's computer
If it is not possible to visit a page on the VKontakte social network from your own device, an alternative would be to use someone else’s computer one-time. In this case, you need to take a number of actions to secure your account. We will look at this process in detail in this article.
Logging into VK page from someone else's computer
The process of using another person’s PC to visit a VKontakte profile can be divided into steps that boil down directly to authorization and subsequent cleaning of the web browser. The second step may well be skipped if you initially log in through a special browser mode.
Step 1: Login to your profile
At the stage of authorization in your own account, you should not have any problems, since the actions are almost identical to logging in under normal conditions. Moreover, if you are extremely distrustful of the computer owner, it is best to first switch to “Incognito” mode, available in any modern Internet browser.