Do you use Google or Facebook Logins when prompted for a new website?

Never. I always use my email login details. I keep Google at arm’s length as much as possible.

3 Likes

Exactly. All the security advice is never share passwords across sites. Using a Google or Facebook login specifically goes against that advice.

To bring this point out explicitly: Almost no users will actually verify the truth of this statement. It may be true. It may not be true.

Unless you verify it as true, there is a risk that the web site does then immediately learn your Google password, and you just gave it your access to a whole lot of other web sites.

This comes about in two different ways. 1. The web site is simply dodgy. 2. The web site gets compromised i.e. was not dodgy at the time you signed up but subsequently becomes dodgy, most likely unintentionally.

So

security / privacy v. convenience trade-off, as you wrote.

… and getting too old to remember how the ‘code’ works. :wink:

Along similar lines, there is also the question of what happens when you die and your executor has to make head or tail of it all. This can be dealt with but only if you plan for it. (If you have not planned for it, in theory this might make Google / Facebook superior because you only have to persuade one company that the user is dead and that you are the executor but meeting the legal requirements of faceless multinationals can be difficult.)

The slight downside of that approach is that a spammer can readily derive the underlying real address from the generated unique address.

1 Like

I don’t trust Google or Facebook for anything. I don’t use anything such as these for passwords, i.e. Google or iCloud whatever.
I have been hacked twice, the first time items purchased on PayPal, the second when a phone call was enough for Optus to give control over my email to someone else.
I now use a password manager for everything, no password is the same, none are easy, numbers symbols letters as long as your arm.
You only need to get burnt once, sadly I was twice. All ok in the end.

1 Like

Never, I use my email or endeavour not to give any information at all. The whole signing in thing for random purchases seems so silly.

3 Likes

Well no that is incorrect. When you use the OAuth 2 protocol, which is what is used for a Google or Facebook userid logon to a site, the Web site is given a token from, in my case Google, and no password is involved.
If you are suggesting otherwise, then I do direct you to the Internet standard which governs this method of authentication.

2 Likes

Always sign in with email (a secondary address) unless I believe the site is not important enough to need signing in, then I exit and go elsewhere.

Two-factor authorisation has already been mentioned and this is a real bug-bear. It assumes universal, and unique mobile phone use. Ironic when many security experts now consider phone numbers as insecure for 2FA. I withdrew from a significant investment platform because they could not provide an alternative to mobile number as 2FA, and have another non-financial site which I will be closing soon if they do not adapt to the real world soon.

1 Like

I think you are missing the point. Take a look at the screenshot in the original post and imagine clicking “Sign in with Facebook”. The screen will presumably change in some way to solicit your Facebook username and password.

How many users will verify how the resulting form is working? (You probably can’t verify that it is using OAuth 2.)

You can at least verify that it is a secure connection to something in the facebook.com domain but if it stayed as a secure connection in the original domain or changed to some other unexpected domain or went to facebοοk.com ⇐ check that domain very carefully :slight_smile:, would you notice? (Maybe you would.) How many users will notice given that they are being trained just to login with their Facebook username and password?

Once you have handed over your Facebook username and password to a web site other than the real facebook.com, that web site can use man-in-the-middle to authenticate with Facebook (so that if you happened to make a typo then you will correctly get an error) and, if authentication succeeded, the bad web site will store the username and password somewhere for future malicious use.

I have had similar issues. I had needed to employ an intermediary for an investment problem. They required logon and mobile phone access to obtain authorisation. I do not need or want a mobile phone except as an emergency for when my NBN mediated “landline” goes out - which is rare. For that purpose I have an antique 3G flip phone whose battery is weak. To preserve the battery I leave it turned off and do not give out the number as anybody calling it will not get through except on the odd occasion it is on.

The intermediary organisation flatly refused to consider any other way of authentication. So I reluctantly fired up the flip phone, charged it and went along with their nonsense. As soon as some essential transactions are complete I will be ditching them. My bank uses 2FA and finds it no problem to robotically call the landline to speak codes in my ear instead of sending a text.

To me this is an example of technology being used for the convenience of the vendor not the consumer.

1 Like

My bank has the same arrangement, which has existed for many years. It works beautifully.

I don’t deny that for some people who keep their phone in hand constantly, and whose connection works completely reliably, using their number can be convenient. The issue is not offering a second option when a mobile is not a viable option.

2 Likes

Some tech companies (such as Google and Facebook) allow for you to establish what will happen when you die. So if you have not been active for x months, you get a reminder. If you remain inactive, your nominated person or people get access to your account for a specified amount of time before it is closed forever - or you may simply nominate that nobody gets access and it is just closed. I think Facebook even gives you the option of publishing your death notice or something.

I have a few things in place for when I die. One or two are of the automatic kind as outlined above, but several more are more along the lines of ‘in case of fire, break glass’. And then there are all the accounts that will never be closed because there is no real value in notifying the CHOICE Community that I am dead.

Of course, if you think about our digital lives over the long term, then in a couple of hundred years if some of these entities including Facebook and Google are still around they will have an awful lot of old cruft that is just taking up storage space and processor cycles.

Edit:

There are a few ways of verifying that you are being taken to Google or Facebook to confirm your login.

The most obvious one is where you are presented with your user name. How did [insert random website] know your user name?

You can also check the URL to which you have been directed. If it includes - after HTTPS://www. either google.com or facebook.com then you can be confident that you are not being phished.

There is one exception to the second means of verification: if the sign-in page produces a popup window, it is possible for this to be forged i.e. look like a legitimate web page pop-up but be drawn in the current window. To confirm that it is a valid pop-up, simply move it outside the boundaries of the current browser window. If it can be moved outside of those boundaries it is legitimate - if not, you are being phished.

2 Likes
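The address-bar check discussed in the posts above (the look-alike facebοοk.com domain, and confirming the sign-in page really is on google.com or facebook.com), as an added example that is not part of any post: it parses the URL and tests the hostname itself, since merely containing the provider's name is not enough. The sample URLs are constructed, and accepting any host under the two domains is an assumption.

```python
from urllib.parse import urlsplit

# Provider domains named in the thread; the suffix-match policy is an assumption.
PROVIDER_DOMAINS = ("google.com", "facebook.com")

def check_signin_url(url):
    """Classify the address shown in a 'Sign in with ...' window.

    Returns (ok, reason). Only the parsed hostname is trusted, never a
    substring of the whole URL.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return (False, "not https")
    # Look-alike letters (e.g. Greek omicron for Latin o) are non-ASCII,
    # or show up as an 'xn--' punycode label once encoded.
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return (False, "non-ascii or punycode hostname")
    for domain in PROVIDER_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return (True, "host is under " + domain)
    if any(d in url.lower() for d in PROVIDER_DOMAINS):
        return (False, "provider name appears, but not as the real host")
    return (False, "unrelated host")

# Constructed sample URLs (not taken from the thread or any real incident).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://accounts.google.com/signin",
    "https://faceb\u03bf\u03bfk.com/login",          # two Greek omicrons
    "https://www.facebook.com.signin.example/",      # name used as a prefix
    "https://www.facebook.com@signin.example/login", # name in the userinfo part
    "https://notfacebook.com/",                      # name as a suffix, no dot
    "http://www.facebook.com/login",                 # right host, no TLS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_signin_url(sample), sample)
```
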

Be careful! Not having a mobile always on is considered clandestine activity.

In the bastion of democracy France, a group of friends were entangled in the justice system for over ten years because they allegedly refused to use mobile phones (there was bad reception there). This episode finished in 2018, less than four years ago and a movie has recently been released Review: Drop it - Cineuropa

See Tarnac Nine - Wikipedia

On the other hand, authorities have rejected this positive image of the group, instead describing them as an anarchist terrorist cell who sought a rural location as a base of operations and who shunned cell phones in order to avoid detection by authorities.[2][g]

1 Like

If I only want to source info and don’t want to use the site regularly, I get out and find an alternative site.

I couldn’t do the poll as there was no click out and go to another website

1 Like

I usually leave the site. Not that desperate for particular information or service. I used to follow up by letting them know I don’t sign up with Google/Facebook and if there’s not an alternative I won’t return.

2 Likes

This is sadly true, @syncretic. Intelligence services are specifically targeting mobile phones that appear and disappear on the network. However I would hope that this would only be in conjunction with some other information that leads you to being a “person of interest”. There is of course no transparency or oversight on this question.

describing them as an anarchist terrorist cell […] who shunned cell phones in order to avoid detection by authorities

Maybe that’s why they are called “cell phones”. :rofl: However, sacré bleu, such a phone would never be called a cell phone in France. It would be a mobile phone, as is also more Australian.

1 Like

I sign in with Google a lot but not Facebook. Most of my passwords are made, and I use Firefox as well. I think I have only about three passwords that I sign in with Google. Plus they are looking at you everywhere. My husband used to make a lovely smooth drop of whiskey, and so I put an ad up to sell all the stuff on Facebook, then a knock on the door: it was two policemen, they had seen the ad, and they wanted to confiscate the glassware my husband had. My husband passed away in November, so I was trying to get a bit of money together to help with bills. Anyhow, they said the drug dealers love that sort of glassware, so I let them have it and signed for it as well, and a day later a friend told me that I was not breaking the law, and they had no right to do that. All I know is I just don’t want drug dealers getting hold of it and making shit that kills our kids and grandchildren, so I let them have it. So the point is they are watching everything, but I have nothing to hide so I do not care, as I have never broken the law in my life, and I am 69 years old.

2 Likes

7 posts were split to a new topic: Do I need a licence to distil alcohol at home?

The reason they are called ‘cell phones’ in some less sophisticated corners of our globe is because they rely upon a cellular network architecture.

I am often annoyed at the differences in English as she is spoke, but it turns out that many of our differences do have a sound historical basis. Aluminum vs. aluminium, for instance, came about because the people originally deciding on the name couldn’t make up their minds. Aluminum was an earlier version of what most of the English-speaking world now calls aluminium.

I hate to break it to you, but you have almost certainly broken laws that you did not even know existed.

2 Likes

Never, ever sign in with anything but an email address. I have my own domain name, so in the vast majority of cases would create a site specific email address and give minimal details. If I have doubts or suspicions about the site I use one of my pre-prepared spam magnet email addresses not tied to my domain.

2 Likes

NO…prefer to overview before keeping…