The sheer number of online accounts one must keep track of is considered by many to be a problem. A username and password for each site can seem daunting, I won’t even try to deny that.
However, the alternative being brandied about right now is to just use Google as the main identify provider. This might seem like a noble goal, to have a single authority as our online identity, but besides the problem of having a single company with so much power, I ran into another issue this week.
Using a single provider encourages people to hand their information out to any site that asks for it. As a “technology person”, I know that I should look for Google’s OAuth login and check what the site is asking for access to and to be discerning … but does everyone care that much?
When that is encouraged, then when a scam site asks for those credentials, people are trained to hand them out without thinking too much about it. It is a similar situation to just click through the installation screens on Windows without reading what it is that is being installed … except the scammers get your username and password and, in the case of your email, access to almost everything else from there.
That is a dangerous precedent to set in the same of ease-of-use. Sometimes we need to ask if it is worth it.