•  · 408 friends

Opinion: "Social logins" are evil.

IMHO "social logins" or any kind of authentication servers provided by biased 3rd party websites is a force of evil. They're not as "handy" as they may seem to be and actually often create a lot of hassles. For example:

1. If you decided to stop using the service providing the ID (say, you want to close your FB account or GoogleID/GoogleSuiteID or Twitter account) - it's often very difficult if not impossible to change IDs and switch to an email/password paid in many services. 

2. Some services ONLY support social IDs and won't provide their own authentication layer. For example, Spectrum Chat only allows joining with FB/Goog/Tw/GH. What if I don't want to register with any of them?

3. Connecting to social IDs makes it impossible to safely share login information with the team/family/friend to a certain service without effectively providing access to a whole lot of services you don't mean to give access to.

4. Social ID providers often update their APIs without backwards-compatibility, effectively adding to your technical dept - having to update more stuff more often. 

5. Modern password managers make is just as easy, if not easier, to login to multiple services and only remember one password. Security breaches track record on these is much better than with most global social providers.

6. Different software vendors implement social IDs differently and often stuff up the handling of multiple accounts, session/token tracking and multi-account scenarios when users may have an active session in SocialID provider but need to switch to an account with email/password pair.

7. Global internet monopolies get to know far too much about what we do, what we use, how we use it and when. This gives them an unfair advantage in future development, especially considering how this data can be fed to AI engines they have access to.  For example, if you figured out a cool viral service and support FB-login, you essentially tell FB all they need to know about what they need to add to their next software update to replicate your engagement success.

8. Noticed how you can't log in to Twitter with FBID, or to FB with TWID? Or how you can't use any external ID to create a Google Account? See, the big boys with ambition don't use this - too much to lose and too little to gain. 

In short, I thoroughly discourage everyone from using social logins. 😤

  • 181
  • Not using them on my site, data privacy being a big reason

    • What about the analytics that they allow? 

      • Well said. We are not using them either

        • It is very limited what you get compared to what you give. For tracking we use the open source Matomo instead of Google Analytics. We believe it is much better and safer. It runs on our own servers and we don't feed an external company with valuable information about our company

          • Thank you, 

            Has anyone tried implementing mix panel? 

            • Thank you Andrew Boon  for this lighting it confirms what I think and gives me reason not to use it. This is important because when you are alone in making decisions you sometimes wonder if you are doing well or not.

              • I got away from using them too.

                • There is very limited added value in terms of analytics. You can collect plenty of data with something like Matomo, as well as UNA Analytics app, or use Google Analytics. Not sure how social logins can add any KPI datapoints to that.

                  • We used it a few years ago. Quite a steep implementation curve to create all the tags/events and build dashboards IMO. It is powerful, however.

                    • Another BIG problem with them is dependency. If you turn them on and later decide to get rid of them - tough luck.

                      • We use Matomo (ex Piwik) and it works brilliantly. We host it ourselves do no information about our performance or user activity patterns leaves our server

                        • Indeed, it really makes a lot of arguments against it. I definitely let this idea fall, just explain why we do not use my members, to discourage them from using them elsewhere as well. I repeat, a very good idea to have written this post. Thank you.

                          • Also, when using social log-in on our sites, it is telling our members that we are endorsing these sites, which is not always the case.

                            • True too!

                              • Excellent post. We should eventually be able to log into any site via our phones, using their bio-metric features. Face recognition or fingerprint. 

                                Disclaimer: I hate google and facebook and twitter. Because they are greedy at the expense of others' privacy.