by zumachase 2163 days ago
> Why would any company include this SDK

> Is implementing a user authentication system really so complicated

"Login with Facebook" isn't popular because it saves developer time. It's popular because it massively reduces signup friction which results in higher conversion rates. These things are super important. We offer Google login with our only consumer facing app[1] and we see a solid 40% of accounts use that method vs. email. I would venture a guess that a sizable minority, bordering on majority, of those accounts would simply never sign up in the first place without some sort of SSO.

I agree with your sentiments and frustrations, but whenever something seems to be too ridiculous to be true (as this might seem to some devs) there's often something else at play.

[1] Squawk - Walkie Talkie for Teams https://www.squawk.to

4 comments

Personally I use login with Google because:

1. I “trust” Google auth - I know they won’t store passwords in plaintext or anything funny like that
2. It’s a centralized place I can use to rotate my keys
3. I can revoke accounts

Signing up via email on each site means a password manager entry at a minimum, and probably no 2FA, or brute force resistance.

I never use login with Google, because if one day some automated process decided to suspend my account then I'd also lose access to all other systems I was using Google for authentication.

You're basically at the mercy of getting hold of Google's nearly nonexistent support to get this resolved.

As a user with a $19/year Google One subscription, I find Google support quite easy to reach.

Unless you get auto-suspended and end up receiving non-answers as explanations until you drum up enough Twitter attention for a non-outsourced support employee to revert the decision and say "We identified an error that automatically suspended your account and have resolved the issue" a week of frustration later.

I also pay $dollars/year for Google. Turns out, when you start paying people money, and it becomes a legal liability for them to screw up, they act...better?

I have a one-click button to download all my data from Google (which turns out to be an absolute pain because it's in the ~100s of GB range).

Yeah, good luck with that button after they've pushed theirs first.

But will they still treat you that way after an errant classifier puts you in the wrong bin?

We know Facebook uses data they gather for competitive product reasons. I wonder how important Facebook’s insight into signup and login auth for upstart products (like TikTok or Fortnite) was for internal intelligence on where the wind is blowing / compete / acquire targets.

FB SSO isn’t really an option for an early stage consumer product, but if it were I can see potential benefits to the products that are succeeding avoiding sharing real-time success metrics with FB.

Presumably, Apple is also influenced by data like this via the App Store.

For example, Apple probably pays attention to Autosleep and other sleeping apps in deciding to build it into WatchOS.

> It's popular because it massively reduces signup friction which results in higher conversion rates

Does it tho? I know that is the sales pitch but is that really the case in 2020 with Facebook's login?

Yes. HN isn’t real life. Billions of people still use FB.

The visitors for work definitely aren't from HN. It had such a little effect on conversions and sign-ups that it was later removed.

Agreed. Email/password login can end up being less privacy conscious because they might sell your email and store your pws in plaintext.