Sh*t my brain says and forgets about

Why Single Sign-On is Stabby

Want to know why I really don’t care for single sign-on? Let’s pretend I want to sign into StackOverflow.com.

The Flow

Oooh! I want to check my reputation on StackOverflow! Oh crap, this is a new computer. Let me log in!


Huh. Well, let’s check 1Password.


Shit. I didn’t save my password. Oh wait, maybe it was Google?


FFFFFFFFFFFF

Okay I think it’s the second one.


Um. Okay? Allow.


FFFFFFFFFFFF

That wasn’t it. Let me click Back and see if it was Facebook.


I guess I’d like to continue as Aaron since that’s me?


Yay!

The Reality

I originally signed up with my first Google account listed. I did NOT sign up with Facebook. After logging in with Facebook it automatically matched my account based upon the e-mail address and let me in. StackOverflow is assuming that e-mail address changes on the trusted third party system are verified. I can imagine at least one of the “more login options” services would let me change the e-mail address to another user’s and ghost in as them using this.

In any case StackOverflow handles account creation decently. I’ve tried this SSO login on other services I didn’t have in 1Password with more stabbyness. Sometimes a new account is created every single time I choose a different SSO account.
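The two behaviours described above (matching an account on e-mail alone, and creating a new account per SSO choice) set beside a stricter approach, as an added example that is not StackOverflow's code or the author's. It assumes OpenID Connect style claims (`iss`, `sub`, `email`); the `Store` class, issuers and subjects are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    account_id: int
    email: str
    identities: set = field(default_factory=set)  # {(iss, sub)} pairs

class Store:
    def __init__(self):
        self.accounts = []

    def create(self, claims):
        acct = Account(len(self.accounts) + 1, claims["email"].lower(),
                       {(claims["iss"], claims["sub"])})
        self.accounts.append(acct)
        return acct

    def by_email(self, email):
        return next((a for a in self.accounts if a.email == email.lower()), None)

    def by_identity(self, iss, sub):
        return next((a for a in self.accounts if (iss, sub) in a.identities), None)

def naive_login(store, claims):
    """Matches on e-mail alone: any provider asserting the address gets in."""
    return store.by_email(claims["email"]) or store.create(claims)

def strict_login(store, claims, session_account=None):
    """Key on (iss, sub); attach a new provider only from a signed-in session."""
    ident = (claims["iss"], claims["sub"])
    known = store.by_identity(*ident)
    if known:
        return "ok", known
    if session_account is not None:        # user already proved ownership
        session_account.identities.add(ident)
        return "linked", session_account
    if store.by_email(claims["email"]):    # address taken: no silent match
        return "link_required", None
    return "created", store.create(claims)

# Constructed sample claims: two providers asserting the same address.
FIRST_IDP = {"iss": "https://idp-a.example", "sub": "a-1001",
             "email": "aaron@example.com"}
SECOND_IDP = {"iss": "https://idp-b.example", "sub": "b-77",
              "email": "aaron@example.com"}
```

With `strict_login`, a second provider is attached only after the user signs in with the original one and links it, which also avoids a separate account per SSO choice.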

I know I’m in the minority of most users having multiple Google accounts but I do know plenty of Facebook users with more than one. I’d rather have a known set of credentials than play the guessing game of which account was it.


3 Comments

  1. I create entries in 1Password just to remind myself how to log in.

  2. I try to avoid SSO as far as possible, though there are a few services that don’t offer password login. PasswordLESS login with 2FA is the dream, in my opinion.

  3. I’ve also seen a few places where logging in with Google makes it appear that I’m logged in via a regular account. Logging out and back in with said regular account looks similar, but is in fact a different account entirely. (With Google they do the whole “gets your email address” thing so there’s really no difference).
