Hacker News new | past | comments | ask | show | jobs | submit login

I cope with this confusion by avoiding third-party login whenever possible. Why volunteer additional information about myself to Google or Facebook?





Because you can frequently avoid account creation, setting a new password etc if you click “sign in with google.” It’s a tradeoff but if you don’t see any value in it you maybe haven’t used it- it’s convenient.

With a password manager though, I avoid having tradeoffs in the first place. I get some amount of anonymity by separating my accounts, and it's trivial to login to sites with the same amount of clicks as with third party sso.

Password manager doesn't stop you from having to fill in a bunch of stuff. Like yeah, it's only a couple minutes, but if it's for an app you'll use a handful of times in your life, just hitting that G will be much nicer.

Most of them have a hotkey for fill out + submit form.

Registering a new site on PC browser with password manager is fine but on mobile with password manager is bother. It won't register new ID/password automatically.

Chrome on Android is persistently annoying about wanting to save new IDs, and will also try to save logins for apps. That gets turned off fairly quickly, as I use Bitwarden, which _also_ prompts to add new accounts when I sign up or log in.

It's not foolproof, but given I'm generating the password in Bitwarden anyway, it's not the end of the world if it doesn't catch it.


It's convenient right up to the point where I need to get back into an account but forgot if I used it or not - which is exactly the point of the parent.

I too have struggled to remember which third party sign-on I used (or if I used a native sign in), so now I avoid them every time, too.

They're literally only convenient if I want to have an account that I'm happy to 'throw away' or, to accidentally create duplicate accounts for the service.

For anything where I'm actually paying, they're a nightmare. Oh, did I sign into this with one of my google accounts? Was I crazy enough to use facebook? Or which of my emails did I use?


I don't have any metrics to back this up, but I would assume most websites that use these third-party login systems, still pull down your email address and create an account for you based on that. So it stands to reason, you if you used the same email for all Facebook, Google, Apple, you could sign in with any of them and maintain one account.

I suppose that's a huge assumption, but that's how I would do it if I was developing against them. That said, it doesn't help w/ the "Hide my Email" or the default icloud.com email addresses people don't realize they're using.


Spotify is a PITA for this. And there is no easy way to migrate to a "non facebook" account your playlists and stuff.

That is why my mom and my grandma use "sign in with facebook".

But if you have a Password Manager, then it is literally a single signon solution in and of itself, without the sacrifice of privacy.


Also there are services that log you out after some time. You aren't doing anything wrong, you're simply using the service, but at some point you open it and see a login form. Now, I don't understand why do sessions have to have a lifetime at all, this is terrible UX, but clicking one button to log back in instead of actually typing stuff on the keyboard is much more convenient.

Isn't that what a password manager is for?

I guess a lot of times it’s for security or to minimize storage over time. Sometimes you are only logged in for the browser session, so if you close it, it removes your session. Most smaller sites do have the remember me button to opt in for longer sessions and do not implement a session renew feature.

> Sometimes you are only logged in for the browser session, so if you close it, it removes your session.

Probably, and this shouldn't be a thing. Except maybe for banks, but even then, it's debatable. Here's a handy list of cases when I want to be logged out:

1. I click the log out button.

Which I don't ever do either, because it's my personal device.


I use third party identity providers for all webservices I offer. Not that many because I am not web dev. People love it but I wouldn't use it myself. Of course the identity provider could extract information about the services you use, I wouldn't like that for most platforms to be honest not for the net as a whole.

Account creation sucks, but I prefer it to letting an ID provider know about it. Although I would trust real third party ones like auth0 more than Facebook or Apple, even if they have a more focused business model.


I've had services ask me to create a username and password after I "log in with Google". I usually give up at that point.

I think that's the entire point of the parent's (and my as well) position: the so-called convenience of not having to type a few more things to set up an account is not worth giving more data and control to FB/Google/whomever.

They're likely just answering the question you posed... An explanation for _why_



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: