Personally, I want to distance my personal data and business from companies like Google and Microsoft as much as possible.
While log in with Google is convenient and I still use it on some of my personal accounts, I feel like there’s a loss of control, not to mention my distrust in these larger companies in terms of data usage and privacy.
So if I decide to not add a login with Google option to my own platforms, could that cause damage in any way?
@Hollis
That, plus your browsing history is already a ton of data. The amount of data they have and use can already paint a scary image of who you are as a person.
Data privacy is a concern that is not taken nearly seriously enough; single sign-on like this is trading convenience for anonymity and privacy.
@Hollis
If your Google account gets compromised, every account you have with SSO becomes compromised. It’s not as bad as using the same password for every site, but it does introduce a single point of failure. If you accept this risk, that’s okay.
I prefer siloing accounts, especially things for important services. I understand this changes out one single point of failure for another, but I think my password keeper is safer than a Google account. That said, if the information I give the app access to is not sensitive (PII, financial info, communicating with friends, etc.), SSO all the way.
@Zorion
You’re not looking at all the connections you create to one another because they don’t exist. More secure than password login since it uses 2FA and other identity verification.
@Zorion
I get a lot of value from their services. If the cost is my data, they can have it. It’s a good deal for me. They can use it to train AI or give to advertisers, whatever they want.
Mackenzie said: @Zorion
I get a lot of value from their services. If the cost is my data, they can have it. It’s a good deal for me. They can use it to train AI or give to advertisers, whatever they want.
Hey, I actually respect people that are willing to look at the pros and cons and say ‘hey, that’s a deal I’ll take.’
Loads of people trade the security for convenience and then lie to themselves that they didn’t have to make a trade.
@Flint
Small counterpoint: I have been to at least one site that required a login through third party (Apple/Google/etc.). I believe this is more common with comment sections on blogs.
There was no option to create an account for the site/service itself so I simply left without interacting.
I personally will log in through Google without a problem because I don’t need to do anything, it’s just one click and I am done, and I can save preferences or sign up or buy the thing. I don’t want to do the signup form right now. So if I have to enter a password and username and confirm email link, etc… I just don’t register until I absolutely have to bother.
It’s like, people will defer their decision for later when there’s an obstacle to registering. These deferred decisions often do not end up with people coming back later when signing up is part of getting them to come back later. It’s an easy way to get them invested, and you can get their email and send them a welcome notification. So you want to make that as easy as possible. One-click sign up is helpful for that.
You don’t need the Google button, you can use email code verification for login; you send a code to the user’s email every time he wants to log in and generate a JWT token. There are SaaS that offer this service for free like Supabase or Kinde Auth that also support social auth buttons if you want to add them in the future.
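The e-mail code login described in the last post, as an added example that is not part of the thread: a one-time code is issued, checked with an expiry, a guess limit and single use, then exchanged for an HS256 JWT. The keys, the in-memory store and all function names are assumptions for illustration; sending the e-mail is left to the caller.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumptions: per-deployment secrets; a dict stands in for the database.
CODE_KEY, JWT_KEY = secrets.token_bytes(32), secrets.token_bytes(32)
CODE_TTL, MAX_TRIES, TOKEN_TTL = 600, 5, 3600   # seconds, guesses, seconds
PENDING = {}   # email -> [code_mac, expires_at, tries_left]

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def request_code(email, now=None):
    """Create a one-time code; the caller e-mails it to the user."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    # Keep only a keyed hash so a leaked table does not reveal live codes.
    PENDING[email] = [mac(CODE_KEY, f"{email}:{code}".encode()), now + CODE_TTL, MAX_TRIES]
    return code

def sign_jwt(claims):
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signed = head + b"." + b64url(json.dumps(claims).encode())
    return (signed + b"." + b64url(mac(JWT_KEY, signed))).decode()

def verify_code(email, code, now=None):
    """Return a session JWT on success, None on any failure."""
    now = time.time() if now is None else now
    entry = PENDING.get(email)
    if entry is None or now > entry[1] or entry[2] <= 0:
        PENDING.pop(email, None)     # unknown, expired, or guess budget spent
        return None
    entry[2] -= 1                    # count the attempt before comparing
    if not hmac.compare_digest(entry[0], mac(CODE_KEY, f"{email}:{code}".encode())):
        return None
    del PENDING[email]               # single use: a code cannot be replayed
    return sign_jwt({"sub": email, "iat": int(now), "exp": int(now + TOKEN_TTL)})

def check_jwt(token, now=None):
    """Return the claims if the signature and expiry hold, else None."""
    now = time.time() if now is None else now
    signed, _, sig = token.encode().rpartition(b".")
    # Verify the signature before parsing anything the client sent.
    if not hmac.compare_digest(sig, b64url(mac(JWT_KEY, signed))):
        return None
    body = signed.split(b".")[1]
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    return claims if now < claims["exp"] else None
```

With a six-digit code, the five-guess limit is what keeps online guessing impractical, so the attempt counter has to live server-side next to the stored hash.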