> I'd extend this even further: never use a single account for more than one purpose. Create a separate account at the same company for the other purpose.
This should really go without saying. I’m sometimes shocked at the extent to which it has become normalized to mix up one’s personal accounts with work. I can’t count the number of times a colleague accidentally sent me an email using their personal account, or texted me from their personal phone. Some people even use their personal phone directly for work, without even doing so much as creating a work profile. Why are you doing this to yourself? You’re just asking for trouble.
Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction. Why deliberately have such a single point of failure? To save what? An additional password?
However, in practice, using "Sign in with Google" by default dramatically increases resilience to most failure modes for almost everyone without a sophisticated threat model.
> To save what? An additional password?
The average person does not manage their passwords in a sophisticated way; if someone is signing up for many different services, they are probably using the same password everywhere, or some simple enumeration scheme. Then, when some random forum or web service gets compromised (as they inevitably are), their password to everything is compromised - including Google! On the opposite end of the spectrum, if Google is the only service with a password, and everything else is driven by Google-owned SSO, that person is essentially immune to compromise; whatever I think about the company, I do believe in Google's security team to keep passwords safe and block dictionary attacks more than any other service on the internet.
And while we can evangelize setting up password managers and using strong random passwords everywhere, the truth of the matter is that many people simply cannot accomplish this. "Sign in with {Google, Facebook, Microsoft}" gets them 95% of the benefit at much higher reliability.
> if someone is signing up for many different services, they are probably using the same password everywhere, or ...
This is completely the case, and at least from my experience the reality is worse than what is often believed: people don’t have distinctions between websites.
I.e., if a layman registers john@cool-website.invalid:correctStaple, and then opens another-sitename.invalid another day and is presented with a login screen, his intuition will be “john@.:correctStaple has to work”, because that’s what he “entered” yesterday.
Federated sign-in solves this by allowing users to use a coherent id:password string for any login page without having to have distinctions between domains.
Strongly agree! And if Google closing your account is a big part of your threat model, that's something to hedge against.
But I suspect that for the average consumer - people using their gmail to send and receive emails, and doing stuff like watching Youtube and installing Android apps - the odds of that are quite small, especially if they don't have a business or developer context associated with their personal gmail. Account loss/takeover due to password re-use is a much bigger threat for the average person.
> Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction. Why deliberately have such a single point of failure? To save what? An additional password?
Well, no, it doesn't save a password. People use the same password across all their independent accounts.
Sign in with [Company] doesn't improve that, obviously, but there is the idea out there that [Company] might be doing a better job not leaking your password than the couple dozen sites that know it under the other system.
In other words, Sign in with [Company] is a way for a website to protect itself (from touching your password) at your expense. It's not there for you.
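As an added illustration of what the comments above are arguing about (this is example code written for this page, not something posted in the thread): with federated sign-in the relying party never handles a password. It receives a signed ID token from the identity provider and only has to verify the signature and the claims (issuer, audience, expiry, nonce). The snippet below simulates both sides with a constructed shared secret and HS256, an assumption made so it runs with the Python standard library; real providers such as Google sign with RS256 and publish public keys, but the checks the relying party performs are the same. The issuer URL, client ID and e-mail address are made up.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values (assumptions for the example, not real endpoints or keys).
IDP_SECRET = b"constructed-demo-secret-not-for-production"
ISSUER = "https://idp.example"           # hypothetical identity provider
CLIENT_ID = "shop-example-client"        # hypothetical relying party's client ID


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def idp_issue_id_token(subject: str, email: str, nonce: str, now: int) -> str:
    """Identity provider side: runs only after the IdP (not the shop) checked the
    user's password. Returns a compact JWS with the standard OIDC claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": subject, "email": email,
              "nonce": nonce, "iat": now, "exp": now + 300}
    signing_input = f"{_encode(header)}.{_encode(claims)}"
    sig = hmac.new(IDP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class TokenRejected(Exception):
    pass


def relying_party_verify(token: str, expected_nonce: str, now: int) -> dict:
    """Relying party side: the shop sees a signed assertion, never a password."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    h, c, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm; never let the token choose it (blocks "alg": "none").
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    expected_sig = hmac.new(IDP_SECRET, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(c))
    if claims.get("iss") != ISSUER:
        raise TokenRejected("wrong issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud:
        raise TokenRejected("wrong audience")          # token minted for another site
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise TokenRejected("expired")
    if claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce mismatch")          # replayed or injected token
    return claims


def verdict(token: str, expected_nonce: str, now: int) -> str:
    """Convenience wrapper returning a string so outcomes are easy to compare."""
    try:
        claims = relying_party_verify(token, expected_nonce, now)
    except TokenRejected as e:
        return f"rejected: {e}"
    return f"accepted: {claims['sub']}"


def forge_unsigned(claims: dict) -> str:
    """Attacker helper: an 'alg: none' token with an empty signature."""
    return f"{_encode({'alg': 'none', 'typ': 'JWT'})}.{_encode(claims)}."


def tamper_claims(token: str, **changes) -> str:
    """Attacker helper: edit claims but keep the original (now invalid) signature."""
    h, c, s = token.split(".")
    claims = json.loads(_b64url_decode(c))
    claims.update(changes)
    return f"{h}.{_encode(claims)}.{s}"


if __name__ == "__main__":
    t0 = 1_700_000_000
    # The nonce is generated by the shop at the start of the login and bound to
    # the browser session; here it is a constant for the example.
    tok = idp_issue_id_token("user-123", "john@another-sitename.invalid", "n0nce", t0)
    print(verdict(tok, "n0nce", t0 + 100))                                  # accepted
    print(verdict(tok, "n0nce", t0 + 1000))                                 # expired
    print(verdict(tamper_claims(tok, sub="admin"), "n0nce", t0 + 100))      # bad signature
    print(verdict(forge_unsigned({"iss": ISSUER, "aud": CLIENT_ID, "sub": "admin",
                                  "nonce": "n0nce", "exp": t0 + 300}), "n0nce", t0 + 100))
```

The order of checks matters: the signature is verified before any claim is trusted, the algorithm is fixed by the relying party rather than read from the token, and the nonce ties the token to the login the shop actually started. Those are the properties that let the site avoid holding a password at all, which is the trade the comment above describes.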
It’s pretty helpful for online shopping to be able to use Apple Pay. On your phone, you just click the button, use FaceID, and confirm shipping address. It can be done in 2 seconds compared to regular checkouts which step you through 4 or 5 screens.
Sign in with GitHub has also been nice for me on gitter. I don’t need a separate gitter account for any reason, and sharing my GitHub account on gitter is reasonable.
> Don’t even get me started on how entrenched “Sign In With [Company]” schemes have gained traction.
Absolutely!
My advice is to never, ever, use these links to sign in with a different company. It is a sure-fire way to lose completely unrelated accounts just because ML went crazy somewhere and banned you.
(Also, on the advice front, always run your own domain for email. You need to be able to transfer it elsewhere when gmail blocks you, if you're using gmail.)
I'm not sure if this isn't a bit too paranoid an approach. Using single sign-on is imho fine as long as you use that account only for single sign-ons. At least I haven't ever heard of anyone banned for this. Sure, it isn't ideal, but it significantly lowers the overhead of managing too many identities.