Who Likes Signing Up For Things?
The last time you used a service which required login for use, you may have noticed the option to Login with Apple, Google, Facebook, or other recognizable services. These options are actually very helpful and time saving because they allow us to skip past providing information and a new password for every service we use. At first glance you may be hesitant to use these options because they seem less secure. This isn’t a bad first thought to have because it seems like you are giving away the logins to your Google or Apple accounts when doing so.
While there are always risks and tricky hackers out there who may attempt to spoof these kinds of things, I can confidently say that the Login with feature is actually more secure than it may seem.
How is it Secure?
The login with feature relys on the service that you select for all aspects of login. This means that if you select “Google” for instance, you should login directly through Google’s authentication services. Upon successful login, Google will send a confirmation to the service that you are successfully authenticated and you are ready to begin using the service. Google will then share your email address and maybe your name. However it’s always important to double check the permissions that a website is asking the service for when you do choose to utilize this feature.
That’s it, it’s that simple.
Why is this a Thing?
Most of the world uses services like Apple, Google, and Facebook which means that as a society we have decided that we “trust” these services. Additionally, these services have reputations to protect and they have the means and infrastructure to ensure customer data is safe while in their possession. Websites who do not have this reputation or means to secure as thoroughly know that people may be more hesitant to create a sign up for another service and provide personal data to that service. Adding the Login with option to their service ensures that they do not need to store authentication and login data in their own database. It is a win-win situation for most services because they are able to convert more customers because of the trusted login options. They also do not have to invest as much time and resources in building and securing their own robust auth system with multi factor authentication and password reset functionalities.
Why Don’t All Services Use This?
Some services would rather own all of the data that they can so this feature doesn’t quite fit into their model. Additionally, this feature/option is still somewhat new in comparison to the internet, it will take some time for most services to adopt it. However, typically it is a fairly simple feature to implement so if it is not used, the choice may be deliberate.