It seems like everyone is using the sign-in screen that invites you to “Sign in with Facebook” to a website that is not Facebook. Facebook and Google turn up most often but you might also see the option to sign in with Twitter, Amazon, Microsoft, Instagram, or others.
In the website biz, it’s called a Social Login. Like many things in the world, there are lots of advantages for the businesses suggesting it to you. There is even a modest advantage for you, which is nice. Good news! There’s no big reason for you to change what you’re doing. This isn’t that kind of article. Isn’t that relaxing?
When you see social login choices like “Sign in with Facebook,” there is always another option – “Sign in with email.” I think that’s a confusing phrase, which is why I’m writing this Tech Stuff In Plain English Explainer™.
So here’s the important takeaway: When you are logging into a website and you see “Sign in with email,” it means, “I have an account with this website that I log into with my email address and a password I chose just for this site.”
What are social logins?
Every online service needs to know who you are. That makes sense, right? Whether it’s mail, shopping, travel, banking, or a phone app – they have to identify you in some secure way so they can show you your messages, your orders, your trips, you and nobody but you. You are always being authenticated by a password or a fingerprint or the camera on the phone.
When passwords are memorized by Outlook or Chrome, people forget that there ever was a password at all. “I didn’t know my mail had a password,” they tell me with a laugh. I laugh with them because I am an exceptionally pleasant person. Then we talk about how Microsoft cannot reach into their brain to see who they are before the mail is delivered. There is always a way to authenticate who you are.
Traditionally websites create an account for each person. It’s kept on their own servers, separate from accounts you have with other services. The “account” is just a name and a password that precisely identifies you and only you. The name is frequently an email address because by definition each person’s email address is unique.
It is hard work to set up servers to authenticate people! It’s an expensive engineering job for the business, lots of servers to set up and IT people to be hired to program things and keep the system secure. It’s hard for you, because now you’ve got another password to memorize.
So a tempting alternative emerged. Almost every Internet user on the planet has a Google or Facebook account. Google and Facebook are skilled at authenticating you in their systems.
When you sign in with Facebook, the website is letting Facebook do the difficult job of identifying you. The website passes control to Facebook for a few seconds. When you put in your Facebook credentials, Facebook says, yes, we know that person, here’s who it is. The website says, thanks, Facebook, we recognize them now, we’ll take over from here.
That’s a social login. It’s a type of single sign-on to simplify the authentication process. You only have to remember one password for a social networking service to get into lots of other services.
Why do Facebook and Google and the websites like social logins?
It’s all upside for the social networks and the websites that use social logins!
Websites do whatever it takes to hang onto potential customers. They know everybody hates creating new accounts and choosing passwords. The leading reason people use social logins is to avoid having to fill out online registration forms. A startling percentage of users leave websites immediately when they forget their login information, probably never to return.
But that’s not all.
When you sign in with Facebook, the website does not get your Facebook password, but Facebook sends the website lots of demographic data about you. That might be your email address, name, age, gender, location, relationship status, interests, who knows what else.
That is far more valuable to the website than the information they could get from you by asking you to fill out a form, because (1) people tend to bail out if they see a form with lots of blanks to fill in about themselves, and (2) people lie when they fill in those forms. It’s much better for the companies to have accurate data about you for marketing and advertising.
The social networks like to know what you’re doing. The website using the social login is going to send data back to Facebook or Google about what you’ve been doing on the site.
One more thing: when you create an account with an email address and a password, some services assume (probably from bitter experience) that you’re planning on cheating a bit by sharing the credentials with your family and friends. That’s harder to do with social logins. You might share your Hulu password but probably not your Facebook password.
Why should you use a social login?
Because it’s incredibly convenient, of course. The alternative – fill in the form, choose a password (remembering the tedious advice from your IT person about how complicated it needs to be), type in the password twice, type it in again because you mistyped it the first time, write it down someplace where it will be lost – what a pain! Push the Facebook or Google button and your new account is ready in seconds.
Really, that’s about it, but don’t underestimate convenience. That’s a darned good reason.
Why shouldn’t you use a social login?
I don’t want to overstate these because social logins are just fine. But there are three reasons to bypass the social logins.
(1) Privacy Lots of information about you is passed back and forth between the social network and the website with the social login.
(2) Security If your Facebook or Google account is hacked, the bad guys also get access to all the websites linked to your social account.
(3) Confusion There is no easy way to tell how you created an account when you arrive at the sign in screen for a website. Did you use Facebook? Google? Amazon? Twitter? Or did you use your email address and a password written down on a post-it somewhere? I’m not sure the social login makes it easier unless you are consistent about always using the same social account everywhere.
If you want to be secure and private, create a separate account for every website. Generate a secure random password for each one. Store the password in 1Password or LastPass.