Ask HN: For new apps, do you prefer accounts via big tech creds (GOOG,FB,etc.)?
8 points by iiJDSii 12 months ago | 13 comments
...Or do you prefer that the app itself just asks you to sign up with an email and password?

Or is it context-dependent, or perhaps just not important to you?

Thanks




I would caution that HN users are most likely not representative of your user base, so choosing what to implement based on responses here for some app is misguided at best.


Easiest and most secure (in the sense of not getting things wrong) is sign-in via magic e-mail link, i.e. let the user enter the e-mail, generate a long random ID (16-32 bytes), send that to the user via e-mail and let them click on the link there to sign in.

Of course if your app integrates with one of the services you mentioned then a social login makes sense. People have different preferences, but from my experience for B2B apps most people will want to use an e-mail or sign in via SSO.
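The magic-link flow described in the comment above, sketched as an added example that is not part of the thread or any commenter's code. The 15-minute expiry, single-use redemption, storing only a hash of the token, the in-memory store and the `app.example` URL are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32         # upper end of the 16-32 byte range from the comment
TOKEN_TTL_SECONDS = 900  # assumption: 15-minute validity, not stated in the thread

# Constructed in-memory store: sha256(token) -> (email, expiry timestamp).
# Only the hash is kept, so a leaked store does not yield usable links.
PENDING = {}


def digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_link(email, base_url="https://app.example/login", now=None):
    """Create a one-time sign-in link to be e-mailed to `email`."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(TOKEN_BYTES)  # CSPRNG, URL-safe encoding
    PENDING[digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return f"{base_url}?token={token}"


def redeem(token, now=None):
    """Return the e-mail the token was issued for, or None if it is invalid."""
    if not isinstance(token, str) or not token:
        return None
    now = time.time() if now is None else now
    # pop() removes the entry on first use, so a replayed link fails.
    entry = PENDING.pop(digest(token), None)
    if entry is None:
        return None
    email, expires_at = entry
    if now > expires_at:
        return None  # expired links are rejected and already discarded
    return email
```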


I've worked at large companies that do both B2B and B2C.

B2C gets 90% Google logins, 10% email logins, and small amounts of Twitter, Facebook, Microsoft, etc logins.

B2B is different. I forget the numbers but you get more email logins, Microsoft logins, and company SSO logins. Google and email were still the top from what I saw.

If I were building a site today, I'd start with Google and email, with a plan to expand to more providers including SSO for the big enterprise customers if I was doing B2B.


I much prefer username+password or email+password if the app has a good reason for email.

1. Keep accounts independent. Less tracking and less stuff tied to my Google account in case it gets locked because some AI went off the rails.

2. With my password manager it is just one quick click to log in.


If an app or website exclusively uses third-party logins I generally won’t even use it. In general I don’t appreciate anything that tries to get cute about account creation.

(However I agree with the other comment about HN not being representative of typical users.)


I feel that way about sites that are only email/password. I don't trust them to have good security so I'd much rather use a third party provider. Good to have choice though.


I don't really understand this view.

If you're using a unique password per site (i.e. something generated by your password manager) I don't see how you face any higher risk with the site operator storing a password vs storing some arbitrary token from a third party authenticator.


If.


If what?


Normally I will not do any kind of social login; for times when an app forces me to sign in with Google I have a separate Google account just for that.

If an app forces me to sign up with Facebook/Twitter/Apple I will just uninstall it.


I use an email address on a domain that I control. People get their Google accounts shut down all the time. This is fine for throwaway accounts, but not for things that you depend on.


Context independent so I can use a "masked email". A Gmail account can close at any moment without a notice and good luck figuring out what happened.


For apps used for work, I prefer it SSO with my big tech creds.

For personal, I prefer email + password, or even just username if the app allows that.



