Sh*t my brain says and forgets about

Why Single Sign-On is Stabby

Want to know why I really don’t care for single sign-on? Let’s pretend I want to sign into

The Flow

Oooh! I want to check my reputation on StackOverflow! Oh crap, this is a new computer. Let me log in!



Huh. Well, let’s check 1Password.


Shit. I didn’t save my password. Oh wait, maybe it was Google?



Okay I think it’s the second one.


Um. Okay? Allow.



That wasn’t it. Let me click Back and see if it was Facebook.


I guess I’d like to continue as Aaron since that’s me?



The Reality

I originally signed up with my first Google account listed. I did NOT sign up with Facebook. After logging in with Facebook it¬†automatically matched my account based upon e-mail address and let me in. StackOverflow is assuming that e-mail address changes on the trusted third party system are verified. I can imagine at least one of the “more login options” services would let me change the e-mail address to another user and ghost in as them using this.

In any case StackOverflow handles account creation decently. I’ve tried this SSO login on other services I didn’t have in 1Password with more stabbyness. Sometimes a new account is created every single time I choose a different SSO account.

I know I’m in the minority of most users having multiple Google accounts but I do know plenty of Facebook users with more than one. I’d rather have a known set of credentials than play the guessing game of which account was it.


Preventing Spam iCloud Calendar Invites


The Slack Channel Effect


  1. I create entries in 1password just to remind myself how to log in.

  2. I try to avoid SSO as far as possible, though there are a few services that don’t offer password login. PasswordLESS login with 2FA is the dream, in my opinion.

  3. I’ve also seen a few places where logging in with Google makes it appear that I’m logged in via a regular account. Logging out and back in with said regular account looks similar, but is in fact a different account entirely. (With Google they do the whole “gets your email address” thing so there’s really no difference).

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by WordPress & Theme by Anders Norén