Opinion: "Social logins" are evil.
IMHO "social logins" or any kind of authentication servers provided by biased 3rd party websites is a force of evil. They're not as "handy" as they may seem to be and actually often create a lot of hassles. For example:
1. If you decided to stop using the service providing the ID (say, you want to close your FB account or GoogleID/GoogleSuiteID or Twitter account) - it's often very difficult if not impossible to change IDs and switch to an email/password paid in many services.
2. Some services ONLY support social IDs and won't provide their own authentication layer. For example, Spectrum Chat only allows joining with FB/Goog/Tw/GH. What if I don't want to register with any of them?
3. Connecting to social IDs makes it impossible to safely share login information with the team/family/friend to a certain service without effectively providing access to a whole lot of services you don't mean to give access to.
4. Social ID providers often update their APIs without backwards-compatibility, effectively adding to your technical dept - having to update more stuff more often.
5. Modern password managers make is just as easy, if not easier, to login to multiple services and only remember one password. Security breaches track record on these is much better than with most global social providers.
6. Different software vendors implement social IDs differently and often stuff up the handling of multiple accounts, session/token tracking and multi-account scenarios when users may have an active session in SocialID provider but need to switch to an account with email/password pair.
7. Global internet monopolies get to know far too much about what we do, what we use, how we use it and when. This gives them an unfair advantage in future development, especially considering how this data can be fed to AI engines they have access to. For example, if you figured out a cool viral service and support FB-login, you essentially tell FB all they need to know about what they need to add to their next software update to replicate your engagement success.
8. Noticed how you can't log in to Twitter with FBID, or to FB with TWID? Or how you can't use any external ID to create a Google Account? See, the big boys with ambition don't use this - too much to lose and too little to gain.
In short, I thoroughly discourage everyone from using social logins. 😤
-
Not using them on my site, data privacy being a big reason
-
What about the analytics that they allow?
-
Well said. We are not using them either
-
It is very limited what you get compared to what you give. For tracking we use the open source Matomo instead of Google Analytics. We believe it is much better and safer. It runs on our own servers and we don't feed an external company with valuable information about our company
-
Thank you,
Has anyone tried implementing mix panel?
-
Thank you Andrew Boon for this lighting it confirms what I think and gives me reason not to use it. This is important because when you are alone in making decisions you sometimes wonder if you are doing well or not.
-
I got away from using them too.
-
There is very limited added value in terms of analytics. You can collect plenty of data with something like Matomo, as well as UNA Analytics app, or use Google Analytics. Not sure how social logins can add any KPI datapoints to that.
-
We used it a few years ago. Quite a steep implementation curve to create all the tags/events and build dashboards IMO. It is powerful, however.
-
Another BIG problem with them is dependency. If you turn them on and later decide to get rid of them - tough luck.
-
We use Matomo (ex Piwik) and it works brilliantly. We host it ourselves do no information about our performance or user activity patterns leaves our server
-
Indeed, it really makes a lot of arguments against it. I definitely let this idea fall, just explain why we do not use my members, to discourage them from using them elsewhere as well. I repeat, a very good idea to have written this post. Thank you.
-
Also, when using social log-in on our sites, it is telling our members that we are endorsing these sites, which is not always the case.
-
True too!
-
Excellent post. We should eventually be able to log into any site via our phones, using their bio-metric features. Face recognition or fingerprint.
Disclaimer: I hate google and facebook and twitter. Because they are greedy at the expense of others' privacy.
-
Lol - I just wasted a few hours trying to get FB Login and Google login working and gave up late last night. Thought I would try again today - BUT - life just got easier for me. I will delete those SN Login apps. :)
Thanks for your comment and big thanks to the OP.
-
We don't have privacy anymore. I don't know about you guys, but those apps that many people use on FB, that if u click on it to play a game, it will tell u "user" if u look like another race or it tells u how u will look in the next 30yrs, I never played that cause I don't trust those freaking plug-ins. They get your face and God knows what else they do and then display a picture of u on how u will look in 30yrs.
-
I never use social login on my websites.
-
In 30 years I wont give a damn how I look. 😁
-
Exactly....lol...or wait I think there is one that says, how many people hate u or love u. Do u really think I need to know I need an app or whatever the he'll that is to let me know who hates me or loves me. Lol
-
Andrew Boon since social logins are evil why not make it easier for us who use una.io to login on our una sites using your una creds.
Since I decided not to use FB, GO, TW, I was going to try UNA Connect but have to pay $50 annual for the pleasure.
-
For all i know, when you click on any of those games, ur given away what color is your urine. <------ tried to be respectful with my scenario. 😀
-
If we start serving community sites IDs from UNA.IO we’d have to have millions of accounts registered here that have no interest in building communities, they just use them... so it wouldn’t be ideal.
you can launch your own oAuth server with UNA Connect, yes, but it only makes sense when you run a network of related sites.
-
In effect you already can - use your phone with touchID or faceID to store your passwords in keychain (local vault, encrypted, secure) and login with It to any sites faster than you would with FBID, or GoogID.
-
Can we stop using them right away? What happens to users who register with them till now?
-
So don’t have it like this as in the image is what you’re saying?
But what about having the other social media’s linked to your existing one such as if you want to forward a post or link and you select on the logo to open it up. Will that not have a negative similar to the “social login”?
-
Eh, never use that since day ONE in 9 beta/rc. 😉
-
Can we stop using them right away? What happens to users who register with them till now?
In UNA Users will remain on your site if you uninstall all Social Logins modules, if usrs didn't use password authentication before then they will need to use Forgot Password to make new password to be able to login.
-
So I guess we won’t be seeing a “Sign in with Apple” Module anytime soon? 😶
-
Thanks Alex
FDFE362F-A105-4433-8E7A-D4A505DEF277.jpeg