Social logins: are you trading privacy for convenience?

Have you ever tried to add a comment on a blog post and BAM, you're hit with a login wall? Just the other day I was reading an article on Medium, an online community blogging platform, and was prompted to login as soon as I clicked in the comment box. This barrier didn’t always exist. I remember a time where anyone could freely comment without the need for an account. However, bots, spammers, and trolls have taken advantage of this anonymity and as a result, account verification became a requirement in order to contribute. In some cases, comments sections have been completely removed.

I hadn’t commented on a Medium post in quite awhile, so as the registration form stared me in the face, several questions floated through my head. I thought to myself, do I even have an account? If I don't, is it worth creating one just to use this service? If I did have an account, what email address would I have used? Was it my personal email or my work email? What password did I use? I guess I'll just reset my password and see which email address it accepts...

But this login form was different. It permitted the use of social logins. Social logins are a single sign-on technology that allow users to authenticate themselves using credentials from a social media account rather than using a separate ID and password on each website1. As an alternative, they seek to minimize the pain of remembering multiple email and/or password combinations. They also give websites and applications the freedom to focus on developing great content and experiences by outsourcing their authentication needs to larger, more established services (and assume the associated security risks).

A walkthrough of my social login experience

Let’s look at a recent encounter I had with social logins. I had been reading an interesting article on Medium and simply wanted to comment on it.

Commenting on an Article on Medium with Highlighted comment block

As soon as I clicked in the "Write a response..." field at the bottom of the page, I was prompted to sign in or create an account. While the interface indicated I could create a traditional account (email/password combination), really the only option I had was to login with Facebook or Twitter.

Sign in to Comment on Medium

(UPDATE: Medium has since reverted, and email/password logins are an option again.)

My social login experience

I thought to myself, "why not?", and clicked on the "Sign in with Facebook" button.

Facebook Login through MediumA sign-in form appeared that looked very similar to the regular Facebook login. After I filled it in, I pressed "Log In".

Privacy Facebook with Medium

Privacy Facebook (Tooltip) through Medium

Next came the first indication as to what a Facebook login actually entailed. Medium wanted access to my entire Facebook friend list. Why would they need access to this list? What do they plan on doing with this information? I decided to edit the permissions, hoping to uncover some answers (or see if I could deny it).

Terms of Login Edit Info You Provide through Facebook

From a UX perspective, the rule of thumb for form design is to only ask for information you really need. Several permissions they requested were reasonable, while others gave me pause:

  • Name: Typically asked for on an account signup. OK by me.
  • Profile Picture: Could I change the photo?
  • Age Range: The generic age range of 21+ is OK by me.
  • Gender: Unsure why this is relevant.
  • Other Public Info: What is that? And why do they need it?
  • Friends List: Why do they need access to my entire friend list for me to comment on a blog post?
  • Email Address: Typically asked for on an account signup. OK by me.

Ultimately, I aborted the process because I didn’t feel comfortable giving Medium that much of my personal information. Everyone has different comfort levels when it comes to parting with their information and in this case, they lost out on a comment.

Should you use social logins on your site?

The answer is... it depends. Here are three benefits as well as four important questions to ask if you are thinking about implementing social logins on your website or application.


  1. Decrease the number of failed login attempts. Remembering the credentials for a social login service like Facebook, Twitter, Google+, etc. is easier than remembering credentials for a service that is used less frequently. This could translate into much less use of the dreaded "Forgot Password" link.
  2. Increase the ease and speed of the sign-up and login process. You’re typically directed to a familiar sign-in form for the Social Networking service. If you are currently logged into that service, you can often sign in with one click.
  3. Help your users log in by meeting them where they are. With some analysis of your audience, you can tailor the login options to fit them. This saves from having to offer a multitude of options if your audience only uses a select few social networks.

Questions to ask yourself

  1. What business problem are you trying to solve? MailChimp introduced social logins and noted a 70% decrease in failed login attempts. But after further analysis, the decrease was found to be mainly due to better error handling, which was introduced at the same time as social logins. In reality, they found that only a 3.4% decrease in failed login attempts were attributed to social logins. MailChimp has since dropped social logins, as it wasn't solving the right problem.
  2. What additional information do you need from your audience and why? People can determine what information they share when they sign up. Some information is mandatory and some can be optional. People tend to be more willing to share additional information if they know how the information will be used and how it might benefit them.
  3. Are you trading one set of problems for another? People can forget which username/password combination they used on which site. Switching to social logins means it's likely that people will choose their most-used social network for the majority of their services. This works great until they run into a service that doesn't supply their preferred social network as an option. They’ll need to remember which social network they used for which service; which is effectively the situation to avoid in the first place.
  4. How are you going to manage the creation of multiple accounts? With a single-click social login, your audience might forget which service they used, leading to the potential for multiple accounts. Will you provide some type of account merging option to clean up these accounts?

Which approach is the best one?

There's no easy answer for whether you should or shouldn't integrate social logins on your site. It comes down to factors around your business, your customers, and your customers’ goals and needs. We've outlined some of the potential benefits and highlighted larger questions to ask. If you have more questions about social logins, get in touch with us.