[taylonr]

I see this as two problems. 1. Too many options. They even mentioned it "Did I log in with Facebook or Google or Twitter or what."

2. Having both social & native logon.

You could actually solve both by either 1. Only using native logon. or 2. Picking one (maybe 2) social logins.

I went with #2. Granted it was on a small test site, but the trade off of managing customer logins sucks. I'd rather have google get busted for getting hacked than for my little SQL DB getting attacked.

The way I look at it, I have time to write code and secure it to the best of my ability. However, Google and other social logins have whole teams that can manage security and keep up to date with the latest technology etc.

So there is more to social logins than the actual act of logging in. And some of the problems listed aren't really with social logins, but rather with a particular implementation.