Social Login Again

As mentioned here:

we’ve upgraded our social login functionality.

The Google integrated login I always found kind of irritating before - there was a custom Google-branded button, and if you ever used it, it set a cookie so that it ALWAYS logged you in with that account whenever you got to the login screen, which is probably fine for real life but horrible for testing. But now it works as you’d expect it to.

So most sites currently have only Facebook login enabled, or at most Facebook + Google.

I know that they’re all creepy and weird and stalkery, but from a security point of view, social login is MUCH more secure than asking people to set a password.

If you ask people to set a password, chances are they’ll reuse a password. I don’t: I use to manage passwords and to securely generate 24-character truly random passwords for every site that I never even attempt to remember, which is really the only halfway secure way of doing things, but most people don’t. If they have a secure password that they have memorised, then they probably use it for everything: memorising a secure password for every single site on the internet that asks you for one is impossible. And on mobile, even if they use a password safe, it’s still less likely that they’ll bother to generate a password and save it.

The problem with password reuse is this: suppose someone uses the same password on site A and site B, you are site B and properly secure and so on, and site A gets hacked. The hackers can take the email address and password they found on site A and try them on site B, and your data has been compromised, even though you did nothing wrong.

And the best way to avoid password reuse is to log in with Facebook or Google or Twitter or PayPal. It doesn’t request any permissions to post to people’s walls or anything. All we ask for is basic identity information: email address and name.

So: please ask us to set up Facebook / Google / Twitter / PayPal integrated login for you!

