• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
  • We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.

*goes to a random website*: "Do you want to login with your Google account?"

AuthenticM

AuthenticM

Son Altesse Sérénissime
The Fallen
Oct 25, 2017
30,102
NO I DON'T WANT TO LOGIN WITH MY FUCKING GOOGLE ACCOUNT

Anyone else find that damn pop-up super annoying? Is there a way to disable that shit? Goddamn.
 
Walter White Walker

Walter White Walker

Banned
Oct 27, 2017
21,545
Yes, it's very annoying.
I don't sign into anything with my Google account except something that is actually Google. I also never signed in with my Facebook account when I had one, which made it far easier to nuke that account from orbit.
 
Ravelle

Ravelle

Member
Oct 31, 2017
17,806
Please Accept Cookies - *sigh* alright.

SIGN UP TO OUR NEWSLETTER SO WE CAN SEND YOU SPAM. *uhg, fuck off*

DO YOU WANT TO ENABLE SITE BROWSER NOTIFICATIONS?! - Nooooo- fuck off..

You have adblocker enabled - Please disable the adblocker! - Alright, nevermind, I'll look somewhere else.

In similar annoyance, websites that nags you to visit the website in their app or sign in - like instagram- twitter or reddit.
 
Wrexis

Wrexis

Member
Nov 4, 2017
21,255
Random Painted Highway said:
I'm an old, is this good bad or indifferent regarding security?
Click to expand...
Click to shrink...

Good if done right, because you don't have another password to maintain.
The 3rd party site also doesn't have to come up with their own authentication system, which will be inferior to Google's anyway as most companies in the world don't have their budget.

But then that 3rd party site becomes completely dependent on Google etc.
 
snausages

snausages

Member
Feb 12, 2018
10,360
tbh would rather go with google oauth than create a new account for a particular website

Assuming it's a website I want an account on
 

BuckRogers

Member
Apr 5, 2018
774
Random Painted Highway said:
I'm an old, is this good bad or indifferent regarding security?
Click to expand...
Click to shrink...

My understanding is that security wise, it's actually a pretty good choice. Basically, you're relying on Google's security rather than the 3rd party's security. The 3rd party certainly doesn't see your password, they pass the auth off to Google.

It does absolutely have privacy concerns, in that Google now knows even more about your browsing, but security wise, it's good.
 
Gwarm

Gwarm

Member
Nov 13, 2017
2,157
What? I love it. Especially for deliver apps and things like that where I just want to order the food and not have to register an account, verify my e-mail, etc. It's very convenient.
 
Nameless

Nameless

Member
Oct 25, 2017
15,363
I have a burner Google account for this very reason. Exactly why I kept a burner Facebook years ago too.
 
Capra

Capra

Member
Oct 25, 2017
15,628
I was pretty much taught in my college cybersecurity course that this is actually pretty good in terms of both security and convenience. Your Google login isn't shared with the website or anything - Google just handles the security side of things so if you trust them when logging into gmail you should be fine with using your Google account for other websites.
 
krs

krs

Member
Oct 25, 2017
192
While the security is good, the bad parts about using this is that google gets more data about you of course, but also if your google account is ever banned or you lose access to it for whatever reason then you also lose access to the sites you've used google to log into.
 
Nightfall

Nightfall

Member
Oct 27, 2017
3,963
Germany
The concept here is BYOI: Bring Your Own Identity.

This means you login to a website using an account you already have. This has multiple benefits:
  • No registration necessary: You do not need to sign up to yet another website
  • Convenience: SSO (Single Sign On) will let you automatically login if you are already logged into Google.
  • Security: The website does not have or store any data used to authenticate you. Rather the request is forwarded to Google. Google authenticates you and confirms your session with the website.
It is very convenient and secure. Also Google (or Apple or whatever BYOI you use) usually let you manage all your authorized sites in one place. So you can quickly see what data was shared (e.g. name, adress, mail, etc.) and revoke anything if necessary.
 
CatAssTrophy

CatAssTrophy

Member
Dec 4, 2017
7,632
Texas
Nightfall said:
The concept here is BYOI: Bring Your Own Identity.

This means you login to a website using an account you already have. This has multiple benefits:
  • No registration necessary: You do not need to sign up to yet another website
  • Convenience: SSO (Single Sign On) will let you automatically login if you are already logged into Google.
  • Security: The website does not have or store any data used to authenticate you. Rather the request is forwarded to Google. Google authenticates you and confirms your session with the website.
It is very convenient and secure. Also Google (or Apple or whatever BYOI you use) usually let you manage all your authorized sites in one place. So you can quickly see what data was shared (e.g. name, adress, mail, etc.) and revoke anything if necessary.
Click to expand...
Click to shrink...

Yeah it's a benefit to me personally that outweighs the annoyance of seeing that screen. At least with Google it's one less layer than it would be with something like Facebook, which is an absolute nightmare if you get locked out of your account. I always hated when sites would tell me the only way I can make an account at all is via Facebook because I don't have one anymore.

Google also occasionally requires me to do a security checkup and I can go and edit what sites/apps have access to my data, and unlink any I'm not even using anymore.
 
The Albatross

The Albatross

Member
Oct 25, 2017
39,046
It's funny I used to love SSO/Authn technology 5+ years ago, I wanted every site to have it, because I didn't understand the downside or even appreciate that there could be a downside.

Now I almost always create a new, fresh U/PW, and I'm annoyed by sites that don't have that option.

There are really some positive upsides to bring your own identity / SSO / global authn / etc. Almost always more secure, usually fewer touchpoints in the case of a leak/hack (almost all SSO implementations don't actually share critical details with the downstream site, they just send a random token authorizing your login), enables technology like passwordless login, easy to manage in one place, etc. Downsides are around potential for abuse, privacy sharing details, ad tracking, accidentally sharing information you don't want to share.

There is an interesting phishing example that I read about to trick people into thinking they're logging in with google, but it's pretty sophisticated... Of course I read about it on some feed and now it's totally lost to me, but it amounted to spoofing a site and then launching a completely fake login window where you replicate the browser UI to make it look like you're authenticating through a secure site, when it's all spoofed with styles. Clever.
 
Last edited:
StarStorm

StarStorm

Avenger
Oct 25, 2017
7,601
I don't sign in with my Google account other than gmail or youtube. Same when I used to have Facebook. It made it easier to nuke it from orbit.
 
The Albatross

The Albatross

Member
Oct 25, 2017
39,046
Zaph said:
arstechnica.com

Behold, a password phishing site that can trick even savvy users

Just when you thought you'd seen every phishing trick out there, BitB comes along.
arstechnica.com arstechnica.com

and its getting worse. attackers are simulating the popup within the page
Click to expand...
Click to shrink...

Hey this is what I was referring to :)

This attack vector is pretty complex and requires either the initial website launching the modal to be hacked, or some sort of third party code to be running somewhere on the victims machine (hacked extension, some pass through from somewhere else).

It's pretty clever though and unless you're really careful would be easy to trick someone who willy nilly logs into every website out of habit.
 
OP
OP
AuthenticM

AuthenticM

Son Altesse Sérénissime
The Fallen
Oct 25, 2017
30,102
I'm sure that google login is more secure, but that doesn't mean anything when I get these pop-ups on websites that I have no intention of loging in! This wouldn't be an issue if the website asked me if I wanted to log in with my google account when I hit the login page, but that's not what happens. I get the google pop-up as soon as I enter the website, no matter the page! Like, website, chill. I'm not even going to log in at all. Just leave me alone.
 
Tigel

Tigel

Member
Oct 27, 2017
646
I use Apple login with a randomly generated email (hide my email: a feature of Apple login). Thanks but not thanks Google, you've got enough data.
 
You must log in or register to reply here.