DEV Community

Discussion on: How Do You Authenticate Your Users?

Casey Brooks

As a user, I would much rather sign in with Google or Github than create a new account with email/password. Here are my (extremely subjective) reasons why:

  1. I trust the security of my accounts on Google and Github more than I do some random app (less so with Facebook, but I'd still rather do a Facebook login than email/password)
  2. Creating an account with an existing social provider "feels" less like creating an account and more just like signing in. Lower barrier to entry is always a plus.
  3. If I'm ever given a reason to no longer trust an app, I can revoke their access from my Google or Github account. I also like to periodically go through my authorized apps and revoke access to ones I no longer use, so it's easy to track and manage all my accounts across the web.
  4. Sites offering social login just strike me as higher-quality, in general. It's probably just because they are usually newer, but something about having the app offer authentication with another service just instantly makes them more reputable in my book.

As a developer, it's certainly tempting to roll your own auth, because OAuth, on the surface, seems really complicated, and a database of usernames and passwords seems so simple. However, I can almost guarantee you that implementing auth with an external provider is much easier than building a truly secure authentication system yourself.

Justin Hunter

Casey, this is incredibly insightful. I especially like your point about still feeling more trust in Facebook than some random application that's asking for your credentials.

And I think you're absolutely right. Adding your own authentication solution is almost always going to be a less secure solution. Thanks for the comment!

Simon Massey

Personally, I flip-flop on this. It is a question of who I trust least at the point where I am signing up.

When it comes to spending money, it feels like a concentration risk to use a social login. It would be too much data accessible from a single breach at the social network. So I prefer a site that lets me sign up directly, with my password manager filling the forms and a strong password. The most important thing for me is that I can pay without handing over my card details (i.e., use PayPal and my phone's built-in wallet).

On the other hand, for anything to do with coding I will use my GitHub account, as having a joined-up coder identity seems like it could benefit me. Career-profile-related stuff is something that I chose to join up via LinkedIn.

Asking devs how they feel about this won't give an accurate picture of how the general public thinks about things. Many sites offer the choice to log in via one or two social logins and also let you sign up directly. That seems like a good hedge. I think it would make a very interesting A/B or multivariate test to offer folks random combinations on a signup page to measure what works best for a particular site.