I think, by and large, we all agree that the login model on the web is kinda broken, and is continuing to become more and more fragmented with every new site gaining traction and offering their authentication API as a service.
To put it in fairly broad strokes, I think the main points for either side are:

For:
- Simplifies login for your users — by offering one less username/password combo to remember, it reduces the barrier to entry/conversion for your potential lead
- Outsources security — There are a lot of very smart people at Google/Facebook/etc that are working hard on authentication and security. Outsourcing your authentication process to them is surely better than trying to roll your own?
- Viral promotional channels — Authenticating with the likes of Facebook/Twitter will also offer you the possibility of easy integration with their social-sharing API

Against:
- Outsources security — the flipside of this is you are dependent on the third party getting security right. LinkedIn have been one of the high-profile victims of user account details hacking. If you were authenticating with LinkedIn, then your user accounts have also been compromised
- Reliant on third parties — should you ever try to build something that is reliant on the eco-system/infrastructure of another organisation? Will they always be around? Will they always be popular?
- Brand association — Especially with the recent Prism/NSA fallout, do you want to be associated with all these brands? Do you know that your users still trust these brands?
- Viral promotional channels — Many users are wary of apps that connect to third parties, and fear that if they sign up with Facebook then the application may try to share things without their approval
Personally, I don’t like them. I generally don’t use them, but have done on occasion (yes, I know, Medium is linked to my Twitter account).
I don’t like them for two reasons:
As a user it frustrates the hell out of me when I go to a site and I have to try and remember which registration mechanism I used — it normally goes something like this:
“Did I sign up with email? Let me try my usual password”
[Username or password incorrect]
“Hmmm, maybe I did and have just put the wrong password in, let me try another password..”
[Username or password incorrect]
“Hmm, still no joy, I know, I will try password reset — that should send me an email if I have a password set up”
[Wait for email.. no show]
“Ok, must have signed in with Twitter”
[Click sign in with Twitter.. “This Twitter account is not linked to an account, please enter account details to link now”]
[close the tab]
[Later, receive a password reset email, confirming password is now a randomly generated password]
[sob quietly to myself]
From a product point of view, I don’t like them because I think they are ugly. I think littering your site with a myriad of other companies’ logos and brands is something of an eyesore, and provides suitable noise and clutter to distract from the key conversion goals of a page. Really, the only time I will sign up using these mechanisms is when they are the only option and I am already suitably sold on the product that I know I want to sign up (Medium being a good example — I would have signed up using a traditional mechanism given the choice, but I was already sold on the product so put up with the fact that I had to sign up with Twitter).
By and large, I agree with MailChimp CEO Ben Chestnut, and I am glad that in this case the evidence ended up being in his favor. However, I do appreciate that at other times there is probably evidence showing them more favorably, and at times I’m sure they can be pivotal in increasing a product’s viral coefficient or lead-conversion rate — and in those cases, you have to go with the data.
But if I’m building something, until I see the evidence, I’m most likely going to avoid them.