Can you please explain why you’re enabling social login, when there is significantevidence that social login buttons degrade usability? To summarize the two links, social logins put additional cognitive load on the person logging in, as they now have to remember what kind of login they used, in addition to remembering their specific login details. Moreover, there is an implicit assumption that people only have a single Github, or Facebook, or Google account. If they do not, then they have to go and log out of whichever OpenID/OAuth provider they were using, login to the “correct” account, and then try to login again on LessWrong 2.0.
The only advantage that social logins provide is that they free the site from having to store usernames and passwords. But LessWrong 2.0 is storing usernames and passwords anyway. I fail to see what value adding yet another login method adds.
I’m deliberately not commenting on the privacy aspects of this, as I’m sure there are other commenters who are more qualified to talk about that aspect of social logins and feel more strongly about it than I do.
I mostly don’t think the arguments for social logins degrading usability are particularly good. I personally much prefer logging in with my Google account, and end up forgetting my password on sites that allow Google login much less often (and also can generally expect my credentials to be much more secure with those sites, since I go through great lengths to keep my Google credentials safe). Hackernews was also not very convinced by that article when it came out, and in the meantime the case for social logins only got stronger. Most of my disagreements with the article that you linked are explained in that thread.
I agree with the Nascar problem, which is why our login menu does not have the relevant logos in their respective brand colors, but instead went for a deemphasized plaintext version, and while there is a very slight effect of reading the names of the relevant brands, I don’t think anyone would describe our current login menu as falling prey to the Nascar effect.
We also have an additional reason to prefer social login, and which was the reason for why I implemented this feature now, which is the prevention of sockpuppet, troll and spam accounts. They were a major problem on the old LessWrong, and continue to be somewhat of an issue on here. I might end up having to sometimes temporarily deactivate normal signup when our other anti-spam and anti-troll measures fail (such as I did yesterday), and since it is much harder to create hundreds of fake FB accounts, Google accounts or Github accounts, we can leave those signup options on, even if the normal signup is currently being spammed to death.
We also have an additional reason to prefer social login, and which was the reason for why I implemented this feature now, which is the prevention of sockpuppet, troll and spam accounts.
But how does social login prevent that? I have three Google Accounts, two Facebook accounts and two Githubs. It’s not any more work to create these additional accounts than it is to create a new LessWrong account.
While it is possible to have two to three FB accounts, and similar for Google and Github, all of those platforms are quite good at preventing you from getting 100 accounts or more. And if you do create them, it’s fairly easy to check whether something is wrong with them (i.e. whether they were just created, or had no activity on them, etc.) Yesterday we had someone generate around 100 spam accounts on here, which would have been much harder to do on any of these platforms (not impossible, but much harder). They use a variety of stuff, from IP-tracking to requiring somewhat hard-to-get-by information such as phone numbers, real-life addresses, etc.
Can you please explain why you’re enabling social login, when there is significant evidence that social login buttons degrade usability? To summarize the two links, social logins put additional cognitive load on the person logging in, as they now have to remember what kind of login they used, in addition to remembering their specific login details. Moreover, there is an implicit assumption that people only have a single Github, or Facebook, or Google account. If they do not, then they have to go and log out of whichever OpenID/OAuth provider they were using, login to the “correct” account, and then try to login again on LessWrong 2.0.
The only advantage that social logins provide is that they free the site from having to store usernames and passwords. But LessWrong 2.0 is storing usernames and passwords anyway. I fail to see what value adding yet another login method adds.
I’m deliberately not commenting on the privacy aspects of this, as I’m sure there are other commenters who are more qualified to talk about that aspect of social logins and feel more strongly about it than I do.
I mostly don’t think the arguments for social logins degrading usability are particularly good. I personally much prefer logging in with my Google account, and end up forgetting my password on sites that allow Google login much less often (and also can generally expect my credentials to be much more secure with those sites, since I go through great lengths to keep my Google credentials safe). Hackernews was also not very convinced by that article when it came out, and in the meantime the case for social logins only got stronger. Most of my disagreements with the article that you linked are explained in that thread.
I agree with the Nascar problem, which is why our login menu does not have the relevant logos in their respective brand colors, but instead went for a deemphasized plaintext version, and while there is a very slight effect of reading the names of the relevant brands, I don’t think anyone would describe our current login menu as falling prey to the Nascar effect.
We also have an additional reason to prefer social login, and which was the reason for why I implemented this feature now, which is the prevention of sockpuppet, troll and spam accounts. They were a major problem on the old LessWrong, and continue to be somewhat of an issue on here. I might end up having to sometimes temporarily deactivate normal signup when our other anti-spam and anti-troll measures fail (such as I did yesterday), and since it is much harder to create hundreds of fake FB accounts, Google accounts or Github accounts, we can leave those signup options on, even if the normal signup is currently being spammed to death.
But how does social login prevent that? I have three Google Accounts, two Facebook accounts and two Githubs. It’s not any more work to create these additional accounts than it is to create a new LessWrong account.
While it is possible to have two to three FB accounts, and similar for Google and Github, all of those platforms are quite good at preventing you from getting 100 accounts or more. And if you do create them, it’s fairly easy to check whether something is wrong with them (i.e. whether they were just created, or had no activity on them, etc.) Yesterday we had someone generate around 100 spam accounts on here, which would have been much harder to do on any of these platforms (not impossible, but much harder). They use a variety of stuff, from IP-tracking to requiring somewhat hard-to-get-by information such as phone numbers, real-life addresses, etc.