> Social login buttons delegate control of your users’ credentials to another service, rather than ensuring security yourself.
It is basically guaranteed that both Facebook and Twitter logins are more secure than almost any website that might offer one of their login buttons. How many websites have dedicated security engineers? Does mailchimp.com? I doubt it (but I'd be impressed if they do).
The other arguments are pretty reasonable; of course if you don't want to put another brand right in the middle of your login page, a social login button might not be for you. But security is almost an anti-concern: it's probably a win for your users in that respect.
> Does mailchimp.com? I doubt it (but I'd be impressed if they do).
They... almost definitely do. This is no small shop. They have 2M customers, over 150 employees. They have webpages like this one where they talk about their regular pentesting, required security reading for all employees that touch customer data, site certifications and vulnerability disclosure polices -- http://mailchimp.com/about/security/
We use Mozilla Persona and would argue we get the benefit of a secure system without the detriment of forcing a user to be a member of a social network when they may not wish to be.
It's certainly possible that they may be more secure than a lot of smaller sites, although that's not guaranteed - social media sites are fairly likely to be more interested in agility than robust security.
What is pretty much guaranteed is that there's more people trying to hack Facebook/Twitter security than most smaller sites.
> What is pretty much guaranteed is that there's more people trying to hack Facebook/Twitter security than most smaller sites.
That, and the fact that they're still around means exactly that it is guaranteed they are more secure than most of the smaller sites. Being a big and valuable target to hit, they can only adapt or die.
It is basically guaranteed that both Facebook and Twitter logins are more secure than almost any website that might offer one of their login buttons. How many websites have dedicated security engineers? Does mailchimp.com? I doubt it (but I'd be impressed if they do).
The other arguments are pretty reasonable; of course if you don't want to put another brand right in the middle of your login page, a social login button might not be for you. But security is almost an anti-concern: it's probably a win for your users in that respect.