How to store websites that use social login?

I was trying to find the password of a certain website today only to figure out that I had actually used its Google signin feature to login earlier. This particular site has multiple social providers as well, so it's likely I would forget this again.

How do you guys save websites like these in 1Password? I was thinking of creating a secure note for each social login provider I use.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:How to store websites that use social login?

Comments

  • It depends how the login page appears.

    Can you not copy and paste the URL of the social login page into 1Password or does it regenerate a new URL each time?

    Ideally you should sign-up directly to the website with a unique username and password as it makes you much more secure in the event of data comprise by the website in question. It also increases your privacy because a third-party provider doesn't have access to your Google account details (which they do at the minute).

  • Personally, I wouldn’t use my social media login to log into other accounts. Those other accounts get breached, now these people have your login to the social media accounts and any other account that uses the social media account as a log in.

    Just as @darrenNZ says:

    Ideally you should sign-up directly to the website with a unique username and password as it makes you much more secure in the event of data comprise by the website in question. It also increases your privacy because a third-party provider doesn't have access to your Google account details (which they do at the minute).

  • Can you not copy and paste the URL of the social login page into 1Password or does it regenerate a new URL each time?

    The URL is deterministic, and I can definitely create an entry in 1Password for that URL, but how do I remember that I was using Google login for that site? Maybe I can add a key/value pair like Provider: Google to the entry.

    Regarding not using social login in favor of username/password - I agree that having username/password is more convenient, but I don't think that imposes a big security issue as most sites only require your email/profile picture from the social provider? If it asks for more permissions, I would definitely not authorize that.

    Unfortunately there are some sites that only offer social login, and there are others which I have naïvely registered in the past with social login (even when a username/pw login was available), but I cannot switch now coz if they don't have account linking it'd be like signing up for a new account.

  • brentybrenty

    Team Member

    @tham: So far we haven't found a good programmatic for 1Password solution that doesn't potentially break things across the various versions, platforms, and browsers we support. However, this is a handy trick I stole from lil bobby:

    1. Create a Login item for the website and only set the username, using a phrase that informs you of which login credentials you need to actually use. For example, one of mine says "Use your Google account, fooh!" You, of course, can be more or less self-deprecating as your taste (or in my case, lack thereof) dictates. ;)
    2. Then set the submit option for just that Login item to Never submit. That way, when you try to fill it, your past self will gently (or not) remind you that you need to click "Google" or whatever.
    3. Also, you can edit the Login item in 1Password to add the icon for the service you'll use as a visual indicator. For example, edit your Google login to copy (⌘C) its icon, cancel the edit, edit the intended target, select its icon, paste Googles (⌘V) to replace it, and save the changes.

    Cheers! :)

  • Thanks @brenty, the self-deprecating message that doesn't submit makes sense. I might end up adopting this.

    By your third point, do you mean replace the site's icon in 1password to the social provider's icon?

  • BenBen AWS Team

    Team Member

    @tham,

    On behalf of brenty you’re most welcome!

    By your third point, do you mean replace the site's icon in 1password to the social provider's icon?

    Exactly. So if you were going to need to login to ‘brentysawesomesite.com’ with Google when you open the 1Password extension you’ll see the Google icon, instead of the ‘brentysawesomesite.com’ icon, as an additional visual indicator that you need to use your Google credentials.

    Thanks! Merry Christmas!

    Ben

  • Got it, that makes sense. Thank you very much and merry christmas!

  • BenBen AWS Team

    Team Member

    You’re very welcome. If we can be of further assistance, please don’t hesitate to contact us. Merry Christmas. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file