How do you keep track of “Log in with” accounts

I use Bitwarden but have used LastPass and 1Password before.

I always, without exception, will sign up with a username & password. I would never use a"Log in with". To me, if I am logging in through a different company then it is that company who has control, not me. There are tales here and elsewhere when Google has nuked someone's account. That's bad, but if you logged in with Google on other sites then you are completely screwed. Same applies to other companies.

I won't be using the Apple Passwords app.

To the people using a password manager to store the fact that they used third party login, this is some of the most perplexing behavior I've seen in a while.

It's like storing a photo of gold bars inside your basement safe.

With almost zero extra effort, you could be in control of your own keys. You already have the entire infrastructure set up to do this and all you use it for is a glorified log book?

Can someone explain this?

I used it for one account, then realized that I would never be able to keep track of which account I used for which account. Ie Google for This. Apple for that.

So I default to always looking to create a login with an email address, rather that using another identity provider. And passwords are kept and sycned with bitwarden.

I've mostly stopped using third party identity providers. They have multiple problems, but the thing that finally drove me away was bad implementations locking me out of the accounts they were supposed to protect.

The most recent example was a GitLab instance that was demanding my password before it would let me update the email address on my account. I didn't have a password, because I created the account by logging in with another site. Tech support was nonexistent. I ended up abandoning the account.

I used 1Password. When this stuff first started I would add an entry to remind me, so when I went to fill it I would see the name is "Apple SSO" or whatever. However, 1Password now supports this stuff, so it will simply take care of it.

I use 1Password. When I use a "sign in with...", it will track that I took that action, and it's saved in the vault ( even though there's not much to save :D )

KeePassX with the password field left blank and the note field containing e.g. "SSO w/ Google".

> Do you just use a password manager

Yes.

> Log in with Google, Apple

I simply don't, ever, use those options.

I almost always use Google (out of habit, many years using android phones and gmail) so I don't have to keep track of anything, although I do admit I have two Google accounts and sometimes it's a mess to organize between both (but this is my fault, historic reasons and too lazy to fix now).

To everyone worried about Google closing and not being able to login via Google... what email provider do you use? Because if Google closes Login With they might as well close or lock you out of GMail and if that's your email provider you're screwed as well right?

I worked at a huge company with Login With. Only a fraction of people used it so we didn’t have time to support the hundreds of corner cases properly. So best bet was to rip it out.

Your best move is to always set a secure password and use a password manager.

Also remember that one day Google will eliminate Login With.

And if you do login with Apple you can never escape the Apple Tax even if it declines or gets broken up.

You probably won’t even be able to move your account to a password one you’ll just lose access (another unsupported “corner” case)

> Do you just use a password manager

Yes. I recommend KeePassXC[1] or GoKey[2].

> Log in with Google, Apple

No, never!

[1] https://keepassxc.org/

[2] https://github.com/cloudflare/gokey

On Apple device: Apple ID > Sign-in and security > Sign in with Apple. You can see all of the logins and disable them if you want.

In your Google account settings look at Security then See All Connections. Can also remove those individually if you want.

I like Bitwarden. Tried all the rest. Bitwarden is really great. Plus... I'm a huge fan of how it generates passwords. Celtic-Twisted-Endowment-Petal4-Anybody

I try and avoid SSO for the most part.

I like being able to use Gmail modifiers so I can create filters if I need to block certain accounts from being spammy.

first.last+serviceURL@gmail.com is usually what I use. So like first.last+news.ycombinator.com@gmail.com. Every service gets their own alias modifier. Then if I ever need to turn it off, I can just set a filter and they're done. Plus, this way I always know who sold my contact info.

I don't use SSO services, so I don't have to keep track of that sort of thing. For everything else, I use a password manager (UPM, because it operates entirely offline).

About 10 years ago, I was using an online password manager, but it got hacked. At that time, I created this one: https://github.com/conradkleinespel/rooster

Nowadays, I use a combination of an online password manager (one that hasn't been hacked yet, as far as I'm aware) and Rooster as a backup.

I use two things:

* A password manager (PasswordStore [0]), in which I may make entries without passwords but where I indicate my ID on a given account.

* A personal wiki in which I may indicate for something that I have an account connected to e.g. Google or whatever.

When I come to some service that I vaguely remember having used before, I will find the necessary info either in my personal notes or in my password manager.

[0]: www.passwordstore.org

I occasionally use Log In With Apple, because it can provide an obfuscated email address so they don't have my real address.

I never use any other third-party authentication service. I don't want to give Google any more information than I can avoid about the sites I visit, and I've barely even used my Facebook account for the past decade+.

1Password does it automagically.

I don't.

If I'm using a third-party to log in then it's a burner account that I don't care about, and am basically using because I don't think whatever tool or site should need a log in to use.

I don't use "Log in with" accounts as I've read the horror stories of people getting locked out of their Google and Meta accounts with no recourse to fix it.

Avoid.

1password has a decent system for also tracking sign in with accounts

Regarding Google, you are wrong, luckily. There is a page in Google where you can view the associations you made with third party sites and you can cancel them.

Where you find this is:

1. Go to your Google Account (e.g. www.google.com, click on your avatar, then on Manage Google Account in the popup that appears.)

2. Click on Security in the left navigation pane.

3. Scroll down, and find a box "Your connections to third-party apps & services".

That reminds me, I did a "continue with Google" on the Scribd website the other day, only to be told I had to also give them a credit card so they would let me start the free trial to view someone else's copyrighted PDF that they have no right to sell, and that I can find somewhere else. I have to revoke the association to these scumbags.