Google+ Sign-In, Google's new app authentication platform
Many websites, apps and services make use of authentication platforms that are provided by third parties such as Facebook or Twitter. Facebook Connect or Twitter Login offer several advantages over first party sign in technologies. Sign-ups do not take this long after all, it is usually not required to verify an email address or phone number, and the service or app a user creates an account for does not store the user's password in its database. While comfortable most of the times, some users dislike the privacy implications as information are shared between the application sign in platform and the app or web service.
Google today announced the launch of Google+ Sign-In, a platform by Google that makes available similar authentication options for apps or web services. The platform on the user side of things works very similar to Facebook Connect and other authentication platforms.
Websites and apps present an option to log in with Google instead of signing up or logging in with an account that needs to be created on site by the user. The example above highlights how Fitbit makes use of Google's new authentication platform on the company's login page.
When you use Google+ sign-in for the first time on a site, you are presented with a permissions screen that details what the application would like to get permissions for. Next to each item is an icon that you can click on to display additional detailed information about the permissions.
Some items can be modified on the permissions configuration page. In this case, it is possible to remove the permission to access users you are connected to on Google+, and to block the app from informing people in your circles that you have just signed up for that service.
Manage Google app permissions
Google users who make use of the new sign-in platform find a manage apps page on Google+ that they can use to edit the visibility of apps, disconnect the app from the Google account, view the application's activity, or delete all activities.
Video overview
According to Google, the company has focused on four key principles for this initial release of the platform:
- Simplicity and security first: Like signing up for another Google service, plus the permissions page. It is easy and convenient to register for services on the Internet using Google+ Sign-In. As far as security goes, all security features that Google is making available, like 2-factor authentication, are also available here.
- Desktop and mobile support: When you sign up for a service using Google's platform, you will now receive an option to install the Android application the service makes available right during sign up, provided there is an application available.
- Selective sharing: Google promises that apps won't spam your Google+ stream. It remains to be seen if this promise can be kept.
- Interactive sharing: When you share contents on Google+ from one of the apps you used Google+ Sign-In with, friends may see interactive posts when available. When you share a song, friends may have options to play that song right away.
You may want to check out Google's announcement over at the official Google Plus Platform blog for additional information and screenshots.
Advertisement
I just don’t get this whole sign in with existing accounts deal. I’ve never been a user of social networking services anyway (sad way to spend a life IMHO.) But even if I was, I wouldn’t be at all keen to use that same username and password to sign onto unrelated sites and services. The idea seems ludicrously dangerous to me.
Or am I missing something?
Let me try and explain the concept. The idea is that it does not really matter if you only use the account for one Internet service or many. Attackers have only one attack vector – the service the account was created at – which is different from using the same username and password combination on different sites.
While no login is 100% secure, it is fair to say that big companies like Google or Facebook have the resources and means to make it harder for attackers to steal the data.
How can I work this with my 5 Goggle accounts? [lol]
I don’t like this! Google is getting just like FB. They want you to have only one account using your real name. “Don’t be evil” my arse!
You can still use one of the accounts for those sign ups, but I agree, Google’s hunger for data is insatiable.
Nope. Because Google uses one cookie. So if you try to login to another Google account, you will be kicked out of whatever account you are in.
Which is why I use one account for Google Reader in FF and I use IE to access my Gmail accounts.