Single Sign On vs Password Managers

March 12, 2024

Rituraj Basak

As a self-proclaimed privacy enthusiast, I recently found myself embroiled in a heated discussion on Reddit. The topic? My decision to continue using Google's "Sign in with Google" feature despite my privacy concerns. The responses were varied, but the majority seemed to advocate for the use of password managers instead.

The Great Password Manager Debate

My rebuttal to the suggestions of adopting password managers was met with skepticism. Here's a breakdown of my perspective:

  1. Security Quandaries
  • One common argument in favor of password managers is their supposed security. However, history has shown that even prominent platforms like LastPass and 1Password have fallen victim to breaches. Trusting all your passwords to a single service can be a risky proposition.
  2. Dependency Dilemma
  • I value minimizing dependencies in my digital life. Each additional service introduces a potential point of failure or vulnerability. Yet, password managers inherently require us to rely on yet another service, contradicting my preference for simplicity and security.
  3. Syncing Woes
  • Maintaining consistency across multiple devices is essential in today's interconnected world. Yet, syncing passwords across platforms with a password manager can be cumbersome and prone to errors.
  4. Platform Compatibility
  • Not all password managers seamlessly integrate with every platform or browser. This lack of universal compatibility can lead to frustration and inefficiency in daily usage.
  5. Self-Hosting Hurdles
  • Some advocate for self-hosting password managers as a solution to privacy concerns. However, this presents its own challenges. Managing a self-hosted solution requires technical expertise and introduces additional security considerations and on-premises investment.

The Case for "Sign in with Google"

Conversely, opting for "Sign in with Google" presents its own set of compelling arguments:

  1. Convenience
  • By simplifying the login process, this feature alleviates the burden of managing numerous passwords, thereby enhancing user convenience.
  2. Autofill Mitigation
  • One aspect often overlooked in the debate is that "Sign in with Google" does not autofill fields, thereby mitigating related attacks. This adds a layer of security compared to password managers, which may automatically fill in sensitive information.
  3. Google Ecosystem
  • For those deeply entrenched in Google's ecosystem, reliance on password managers may prove counterproductive, only serving to increase the attack surface.

A Better Option?

Well, one exists, but it has not been adopted by many.

I'm talking about SSO with Proton Mail. Yeah, that's not a bluff, and it is possible via SimpleLogin.

Conclusion

While password managers offer an ostensibly more private solution by decentralizing authentication, they introduce a litany of challenges and vulnerabilities. Conversely, "Sign in with Google" may boast enhanced security and convenience owing to its widespread adoption. However, the optimal choice hinges on individual preferences and priorities.

By no means does this post advocate for any corporate entity. The analysis is solely based on evaluating the merits and drawbacks of different authentication methods in the pursuit of privacy and security.

Rituraj Basak | © 2024
