We’ve all been there: you land on a new website or digital service, you’re curious to try it out, and then—bam—you hit the “Create an account” wall. Suddenly you’re typing in your email address, inventing yet another password, and hoping you’ll remember it later. Unless you’re using a solid password manager that can generate and store credentials on the fly, this process is tedious.
This friction is exactly why so many organizations offer social logins—the “Sign in with Google,” “Continue with Apple,” or “Log in with Facebook” buttons you see everywhere. They promise a smoother experience. But as with most things in tech, the story is more nuanced.
Let’s unpack why companies push social logins, why you might choose to use them, and why you might want to think twice.
Why Organizations Love Social Logins
Companies have a strong incentive to get you to create an account—not just so you can access their service, but because having an account lets them track how you interact with their platform over time. The more consistently they can identify you, the more data they can collect about your behavior, preferences, and usage patterns.
The problem is that traditional account creation introduces friction. Every extra field you have to fill out increases the chance you’ll abandon the signup process. Social logins solve that problem elegantly. With a single click, you’re in.
But the real appeal for organizations goes beyond convenience. When you use a social login, the service receives verified information about you—your email address, your name, sometimes even your profile picture—without you having to type anything. This makes onboarding smoother, but it also gives the company a reliable, persistent identity to attach to your activity on their platform.
In some cases, an account is genuinely necessary to deliver the service. In many others, it’s simply a way to gather more data about users. Social logins make that process easier, faster, and more effective for the organization.

Why You Might Choose Social Logins
The appeal is obvious: it’s fast.
Instead of creating a new username and password, you click a button, approve a prompt, and you’re in. No password reuse. No forgotten credentials. No hassle.
But there’s also a technical advantage that many people don’t realize: social logins don’t actually pass your password to the website. They rely on cryptographic tokens, not shared credentials.
Here’s what happens behind the scenes:
1. The website redirects you to the identity provider
You click “Sign in with Google/Apple/etc.” and the website sends you to that provider to verify who you are.
2. You authenticate with the provider
You log in there—or you’re already logged in—proving your identity.
3. You approve what information will be shared
The provider shows a permission screen listing the data the website will receive.
4. The provider creates a token and sends it back
This token is a digitally signed piece of data that says:
“This user is verified, and here’s the information you’re allowed to know.”
It does not contain your password.
5. The website logs you in using that token
The website trusts the token and grants you access.
This entire flow is powered by the OAuth protocol. If you want a deeper dive, this short explainer is a great starting point: https://dev.to/igventurelli/demystifying-social-logins-how-oauth2-powers-seamless-authentication-4bn1
Why You Should Reconsider Using Social Logins
Convenience is tempting, but friction isn’t always bad. In fact, a little friction can be a gift.
Before clicking “Sign in with Google,” ask yourself:
Do I really need an account here?
If it’s a one‑time purchase or a service you’ll rarely use, the guest checkout option is often the better choice.
But there are deeper concerns:
1. A single point of failure
If your social login provider is compromised, every connected account is at risk.
To be fair, major providers use strong security measures like MFA and passkeys, so this scenario is unlikely—but not impossible.
2. Extensive data collection and tracking
This is the big one.
Your social login provider can see:
- which websites you log into
- when you log in
- how often you return
- sometimes even what you do on those sites
This allows them to build extremely detailed behavioral profiles. Those profiles can be used to target you with ads or shared with third parties. The infrastructure behind identity providers is complex and expensive—offering it “for free” isn’t an act of charity. It’s part of a data‑driven business model. For a deeper look at how this dynamic has been discussed historically, this (older but still relevant) Forbes article is worth reading: https://www.forbes.com/sites/sungardas/2015/12/22/5-it-trends-to-help-you-plan-strategic-change-in-2016/

A Better Alternative: Embrace the Friction
Instead of handing more data to large tech companies, consider using a password manager and creating accounts the traditional way. Yes, it takes a few extra seconds—but you retain more control over your digital footprint and reduce the amount of behavioral data being funneled into advertising ecosystems.
Signup friction isn’t a bug. It’s a moment to pause and decide whether you truly want to commit to another account—and if you do, you can do it securely without feeding yet another data pipeline.
If you want to learn more about how to manage your personal accounts, check out this blog post I’ve written on that topic: Structure and secure your Internet accounts
Checklist
- Only create an account when the service is truly necessary for you.
- Use guest checkout for one‑off interactions to avoid unnecessary tracking.
- Prefer a password manager over social logins to keep control of your credentials.
- Avoid tying many services to a single identity provider to limit cascading risk.
- Choose traditional logins when you want to minimize data sharing and behavioral profiling.