Want to know why I really don’t care for single sign-on? Let’s pretend I want to sign into StackOverflow.com.
The Flow
Oooh! I want to check my reputation on StackOverflow! Oh crap, this is a new computer. Let me log in!
Huh. Well, let’s check 1Password.
Shit. I didn’t save my password. Oh wait, maybe it was Google?
FFFFFFFFFFFF
Okay I think it’s the second one.
Um. Okay? Allow.
FFFFFFFFFFFF
That wasn’t it. Let me click Back and see if it was Facebook.
I guess I’d like to continue as Aaron since that’s me?
Yay!
The Reality
I originally signed up with my first Google account listed. I did NOT sign up with Facebook. After logging in with Facebook it automatically matched my account based upon e-mail address and let me in. StackOverflow is assuming that e-mail address changes on the trusted third party system are verified. I can imagine at least one of the “more login options” services would let me change the e-mail address to another user and ghost in as them using this.
In any case StackOverflow handles account creation decently. I’ve tried this SSO login on other services I didn’t have in 1Password with more stabbyness. Sometimes a new account is created every single time I choose a different SSO account.
I know I’m in the minority of most users having multiple Google accounts but I do know plenty of Facebook users with more than one. I’d rather have a known set of credentials than play the guessing game of which account was it.
Andy Skelton
I create entries in 1password just to remind myself how to log in.
KokkieH
I try to avoid SSO as far as possible, though there are a few services that don’t offer password login. PasswordLESS login with 2FA is the dream, in my opinion.
Eric Mann
I’ve also seen a few places where logging in with Google makes it appear that I’m logged in via a regular account. Logging out and back in with said regular account looks similar, but is in fact a different account entirely. (With Google they do the whole “gets your email address” thing so there’s really no difference).