Social Site Login

Do we need Social Site Logins?
How inconvenient is requiring new users to create a username and password? Should the site support authentication with existing social media accounts?


In this test, I log in using a GitHub username and password. On the first screen you login to GitHub.

Here is the second screen:

And the third screen:

The point is that registering using a username-password combination has fewer steps, 1 screen versus 3 screens.

After you register, logging in using a social media account requires that you first log into the social media site, and then your Discourse site.

From the security perspective, GitHub would know that I used their authentication to another site and I suspect they know which site. These are breadcrumbs to be avoided if possible.

You can use multiple authentication methods as long as each uses the same email address.

One last comment from a cybersecurity perspective.

To prevent identity theft and cyber snooping, you are best off making it difficult for others to connect the dots on where you go and what you do. This is as much true for big-tech as it is for cyber adversaries. Just like you should not use the same password on two different sites, why would you want to use the same authentication on two different sites?

For the most part, I avoid cross linking apps and sites. I don’t need to make it easy for adversaries (cybercriminals, etc.) to access my information if something gets hacked. I do use a password manager (1Password) so if that gets hacked i’m screwed. Until i find a better solution, i’ll need to trust them and their security.