Social Sign-On: The Case for Multiple Identities

Written by Brad Prescott, December 18, 2010

There is one reality all of us are familiar with: multiple accounts. It’s hard to find somebody who surfs the web at least semi-regularly and doesn’t maintain multiple accounts. For example, a person may have:

  • several email accounts - perhaps one Yahoo account plus two Gmail accounts (one personal and one "family" account that is shared with family members)
  • a Twitter account for personal and business interests
  • a Facebook account for keeping up with their social graph
  • a PayPal account for online commerce
  • a Windows Live Messenger account for chat
  • etc.

The concept of social sign-on - basically using your social or other identity in the cloud - is exploding in popularity because it reflects the simple fact that users trust different identities for different online services, and because managing multiple usernames and passwords is a pain. This enlightening infographic clearly supports this concept that people use their different online identities in very different ways.

PayPal recently published some fascinating data:

  • The average person has 25 online accounts and 6.5 passwords
  • 66% of people use 1-2 passwords across all sites
  • The average user logs in 8 times each day

While the big identity providers would like everyone to sign on around the web using just one (THEIR) service, there are some very good arguments for people continuing to use multiple identities.

Trust Changes

Even among big providers, the trust users place in a provider can change over time. For example, most users are reactive to privacy issues. They’re largely unaware of privacy debates until they start reading about national issues in the media or hearing second hand news from friends. The great thing about having multiple providers is that if trust in a certain provider breaks down, users always have alternatives for logging into a site.

No Key to the Kingdom

Another inescapable reality is that people sometimes share their network passwords with friends or family so they can “check out” some kind of information like a photo or post. While there’s a certain amount of trust built into doing this, most people tend to forget exactly WHERE they use this identity around the web. Signing on to different sites with multiple providers keeps somebody who might have a user’s password from accessing everything that user does online.

New Providers Showing Up

Earlier this year, Microsoft introduced Windows Live Messenger Connect, which (among other things) lets users sign in with their Windows Live accounts. And more recently, PayPal introduced a beta program for applications to offer social sign-in with their identity. Each new identity provider comes online with a different level of built-in trust, which ultimately influences a user’s decision on which identity to register or log in with.

For site owners, giving users the option of signing in with multiple identities is a great option, but you also want to make sure you can detect when two identities are the same person. The best approach is simply to link these identities to a single userId in the system. This way, you’ll know that the Facebook user who logged in two weeks ago is the same person who logged in with Twitter today. This will also help you build a deeper relationship with a user regardless of which identity they’ve logged in with. There are vendors who have this functionality built into their service (see Account Linking), but you can roll out your own process in the manner that makes the most sense for you.
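
One way to implement the linking described above, as an added example that is not from the original article or any vendor's service: a table keyed on (provider, provider user ID) that maps each identity to one local userId. The class and function names are hypothetical, and the sketch assumes the caller has already verified the identity with the provider and holds an authenticated session for the user doing the linking.

```python
# Added example: in-memory account-linking table (all names are hypothetical).
import itertools


class LinkError(Exception):
    """Raised when an identity cannot be linked safely."""


class AccountLinker:
    def __init__(self):
        self._links = {}                 # (provider, provider_uid) -> userId
        self._ids = itertools.count(1)   # constructed local userId sequence

    def login(self, provider, provider_uid):
        """Return the local userId for this identity, creating one on first use."""
        key = (provider, str(provider_uid))
        if key not in self._links:
            self._links[key] = next(self._ids)
        return self._links[key]

    def link(self, session_user_id, provider, provider_uid):
        """Attach a second identity to the user who is already signed in.

        Assumes session_user_id comes from an authenticated session and the
        identity was just verified by the provider. A matching e-mail or
        display name is never treated as proof that two identities are one
        person.
        """
        key = (provider, str(provider_uid))
        owner = self._links.get(key)
        if owner is not None and owner != session_user_id:
            # Refuse to silently move an identity between local accounts.
            raise LinkError(f"{provider} identity already belongs to user {owner}")
        self._links[key] = session_user_id
        return session_user_id

    def identities(self, user_id):
        """List the (provider, provider_uid) pairs linked to one userId."""
        return sorted(k for k, v in self._links.items() if v == user_id)


def demo():
    linker = AccountLinker()
    uid = linker.login("facebook", "fb-1001")   # constructed sample ids
    linker.link(uid, "twitter", "tw-77")        # linked while signed in
    return uid, linker.login("twitter", "tw-77"), linker.identities(uid)
```

Keying on the provider's stable user ID rather than an e-mail address means a later sign-in with either identity resolves to the same userId, and an identity already bound to one account cannot be claimed by another.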
