It’s Time to End Using Social Login. I Would Know — I Helped Develop It
About 15 years ago, I was there at the beginning of social login. With absolute conviction, I knew that it would dramatically improve customer identity.
Social logins allow people to use fewer passwords — their Google, Facebook, and Apple credentials, most commonly — to sign into an ever-growing variety of online accounts.
Looking back, it’s clear that social logins indeed improved password management. But they never fully solved the problem and instead introduced some new, unforeseen consequences.
It’s been a good run. But now, with similar conviction, I can say:
It’s time for social logins to go. And it’s time for passkeys to replace them.
By leveraging the same biometric authentication used to sign in to phones, passkeys offer a benefit similar to that of social logins — seamless authentication — but they finish the job. Passkeys can eliminate passwords.
In this post, I’ll cover the four reasons why now is the time for online retailers and brands to convert to passkeys and biometric authentication.
But first, some history and context.
The early days of e-commerce and social logins
In 2009, e-commerce was just starting to rebound following the dot-com bust a few years earlier. People were rapidly signing up for accounts with emerging e-tailers like Amazon and leading brands that were early to jump into online direct sales.
Meanwhile, social media apps like MySpace, Facebook, and Twitter were fast becoming mainstream.
I was part of the founding team at Gigya. And we saw an opportunity to solve some emerging problems relating to passwords. First, managing a growing number of accounts and passwords was becoming frustrating for users. Second, instead of creating unique passwords, people were using the same credentials across many sites — posing a security risk they didn’t fully understand.
So, we built and launched Socialize, which allowed users to sign into websites by using their identity and password from social media sites. Our first implementation was on an independent site that sold digital widgets that people could use on their MySpace profiles. With Socialize, people could sign into the site using their same MySpace credentials.
Meanwhile, Facebook was working on its own solution, Facebook Connect, which evolved into Facebook Login. And Google later followed with Sign in with Google. At Gigya, we helped a variety of companies implement different social login technologies.
And generally, it worked beautifully.
Brand leaders loved social logins because they reduced the friction involved in account creation, increasing engagement and sales. And users loved them because, as promised, social logins eased the password nuisance.
Four reasons why passkeys are now the right technology at the right time
In tech terms, 15 years is an eternity. From 2009 to today, much has changed that has caused social logins to lose relevance. Global e-commerce has increased nearly 20-fold, growing from $320B in 2009 to $6.1T in 2023.
Approximately 7 billion people worldwide have smartphones today compared with 173 million in 2009.
The digital lifestyle is no longer considered an “emerging trend”; digital is just a part of our everyday universe. Meanwhile, our digital technology, including authentication, continues to mature, evolve, and improve.
The time for social logins has come and gone because there is, simply put, a more sophisticated and secure technology. Passkeys are better for everyone. They offer a better experience for users managing an ever-increasing number of online accounts. And they provide many benefits for the companies that deploy them in their authentication stack.
Now is the time for companies to transition from social logins to passkeys for these reasons:
1. Consumers don’t like to be tracked online
Data has long been and will always be a key driver of digital advertising. But all too often, our digital profiles get distorted and shared with companies we’ve never heard of. And, maddeningly, every accidental click and unintended visit to a random website seems to spur a stream of banner ads that follow us everywhere. Worse, we sometimes don’t even know the companies that seem to be following us. It can be … creepy.
The culprit: Look no further than Google and Facebook. The two giants’ business models are rooted in advertising and user data. And their social login solutions are a big piece of how our data gets shared across platforms and sites in ways that most people simply don’t understand.
With passkeys, the authentication process doesn’t involve any third party, because the user’s device is authenticating directly with the website or app. Data is not shared without the user’s knowledge; instead, it is kept on the user’s individual device.
2. Apple’s policies force brands to play by their rules
Apple effectively forces its way onto sites and apps by using its own App Store policies. Any application that includes another social login — e.g., Google or Facebook — must also include Sign in with Apple to be approved and published in the iOS App Store, as Apple is the only viable option that meets all of its terms shown below:
So, if you want your app to leverage social logins — and you want your app to be available for the billions of iPhone and iPad users — you have to include Sign in with Apple. And of course, if you include it with your app, you need to add it to the website, too, because users will want to be able to sign into your service on their computers. This pressure to put all the social logins everywhere led one of our customers, a major sports brand, to make the switch to our passkey technology.
3. Brands often lose access to customer email addresses
For iPhone, Mac, and iPad users, Apple’s sign-in solution replaces user email addresses with proxy emails. And unless users give permission to share it, their email address is never shared with the site or app they sign into.
But — and it’s a BIG but — by discouraging users from sharing their email address, Apple prevents brands from having a direct relationship with their customers. So, while Sign in with Apple makes it simple for people to log into accounts and services, brand leaders can’t tap into their own customer data. They won’t be able to execute loyalty and customer marketing programs that drive increased revenue and improve performance in key metrics like customer lifetime value. Without email addresses, customer service organizations won’t have any information about the customers they try to serve. Meanwhile, switching a Sign in with Apple account to an email-based account can also be difficult.
Moving to passkeys gives brand leaders total control over their user experience and their own customer data.
4. Sometimes social logins just don’t work
While they simplify the login process, social logins are actually fairly complex in their implementation. Anytime one website makes an API call to another site, there’s a chance that a connection may fail. The data connection between a standalone iOS or Android app and a web sign-in page on Google or Facebook is even more fragile.
And assuming that the technical process is working, the user experience can still be frustrating. If I’m on my phone, and want to sign into an app with Facebook as my social login, then I still have to remember and enter my Facebook credentials. Even if I’m already logged into the Facebook app on that same phone.
Meanwhile, that technical complexity comes at a cost. If any of the dependencies in the ecosystem change, the authentication may break and lead to a spike in customer service inquiries. And of course, for each change in the ecosystem (like the one below), developers need to burn precious time updating the authentication process and re-testing all the possible use cases.
Transitioning away from social logins and into passkeys removes a lot of dependencies and unknowns that can give developers and product leaders headaches.
An evolution in authentication, not a revolution
Social logins worked well for almost 15 years. They improved upon a fundamental UX problem.
But our industry has now solved authentication in an even better way. We’ve evolved.
Instead of managing a handful of social logins, users can simply log into sites with their device’s facial recognition or fingerprint sensor. Developers don’t need to worry about whether APIs from social logins might be updated or fail. And brand leaders can access their customer data to personalize experiences, build loyalty, and offer better customer service.
I’m proud of the work we did at Gigya implementing social login. We took a big step to improve user experience and authentication tech. But it’s time to move on from social logins. Passkeys are simply better.
Rooly Eliezerov is the Co-Founder and Chief Product Officer of OwnID, founded in 2021 to reinvent consumer authentication. Formerly a founder at Gigya (acquired by SAP in 2017), Rooly has played a pivotal role in the evolution of the identity & access management market for decades.