avoid “sign in with Google” (probably not a good idea in general, anyway)
Why? A security system where I demonstrate my identity clearly to one party I trust (using password + security key) and then they authenticate me to other sites (sign in with Provider) is a lot better than having accounts on each of these sites where either (a) they’re just a password—risky or (b) I have to visit the site to re-enroll security keys if I lose+replace one.
I guess my personal aversion to signing up with google is that you give your real name to a service you might not want to know your real name and everything else associated with it. It might be that google only authenticates you without passing any other information to the provider, but this is not at all clear to me, even if so, and I would probably need to trust an advertising company to act against their best interests.
Why? A security system where I demonstrate my identity clearly to one party I trust (using password + security key) and then they authenticate me to other sites (sign in with Provider) is a lot better than having accounts on each of these sites where either (a) they’re just a password—risky or (b) I have to visit the site to re-enroll security keys if I lose+replace one.
I guess my personal aversion to signing up with google is that you give your real name to a service you might not want to know your real name and everything else associated with it. It might be that google only authenticates you without passing any other information to the provider, but this is not at all clear to me, even if so, and I would probably need to trust an advertising company to act against their best interests.