by thephyber 618 days ago
Google, Facebook, and Twitter certainly wanted to (1) be the central source of identity and (2) hook into many/most 3rd party site logins.

But SSO/OAuth in general has far more tradeoffs. It outsources the difficult task of managing passwords (including hashing and storing), 2FA, password resets, etc. SSO allows the end-user to trust a few mega companies that have comparative advantage around security, and also benefit from having to maintain fewer credentials.

1 comment

The "central source of identity" idea is not inherently bad, and for the majority of non-techie people, might actually be a net plus. I also trust Google more to not have an SQL injection vulnerability on the login page than some random little shop.

I just wish it didn't come bundled with tracking.

And then there's the risk that if Google's algorithms think you did something naughty, you get locked out of everything.

I wholeheartedly agree with your last paragraph. The consequences of being banned/blocked by your IDP and the inability to contact customer service are both severe. Also, it seems like you have to choose wisely as it’s not clear that most websites support you changing your IDP.