Integrate Social Logins Into Your Passwordless Auth Experience

Users’ preference for increasingly user-friendly authentication has led to the widespread adoption of social logins, also known as “Sign in with…”. These methods, powered by platforms like Google, Github, LinkedIn, Apple, and Microsoft, offer a streamlined account creation and sign-in process that is preferred by users and offload account security to mature platform authenticators, while giving developers robust user data for customization. 

Social logins also lower friction for users and some case studies have shown they increase account conversions by as much as 40%. However, the technical complexities around managing identities, handling client-side nuances, and allocating resources to maintain the service have posed significant challenges for businesses. As the leading provider of passwordless authentication, Passage simplifies social login implementations, along with passkeys, TOTPs and magic links, to keep users secure without compromising on user experience.

Should your business implement social logins?

Social logins facilitate a passwordless login experience by allowing users to sign into new accounts using their existing social network credentials. This method, referred to as Single Sign-On (SSO), reduces password fatigue and streamlines the account creation process. 

Social logins work really well in the following scenarios: 

• Strong ties to a specific persona or platform: If a specific platform is closely tied with your users or the service you provide, offering that option to log in is intuitive and familiar to users, and reduces friction. For example, for a developer product, signing in with Github could be low friction. Other examples include iOS apps having “sign in with Apple” and career related sites having “sign in with LinkedIn”.
  
  
• Offloading user security: MFA and other advanced security features are built into certain platforms such as Google, Apple, and Github. Their MFA configurations and security alerts reduce the risk of user impersonation or account takeovers, especially if you haven’t built these capabilities in-house.
  
  
• User verification: If fake emails or bots are a pain point for your business, social logins ensure that new accounts are tied to valid emails, lowering the risk of bots and mass account generation.‍
  ‍
• Infrequent logins: If your users aren’t logging in regularly, it’s more likely that they will forget passwords and have trouble logging in. Passwordless alternatives like social logins lower the risk that they’ll get locked out of their account.

Why is Passage implementing social logins?

The backend setup of integrating social logins requires navigating through complex API configurations and managing and consolidating identities, which can be daunting for many businesses. Passage lowers friction and increases security for authentication, and while social logins aren’t as secure as other passwordless authentication methods like passkeys, they offer a familiar and low friction login method many users look for. Passage has chosen to integrate with Google, Github, and Apple first, as these services offer built-in measures that make them more secure.

What our solution looks like:

Passage now offers social login functionality out of the box with a single toggle in the element settings. By providing a seamless interface for businesses to connect with social login providers, Passage enables a more efficient login process, facilitating easier account creation and secure management of login information.

Key advantages of Passage's integration

• Remove need for complex client-side configurations for each provider: Passage streamlines the complexities, learning, and testing required to integrate with each platform, making it straightforward for businesses to connect with various social login providers.
  
  
• Secure Social Login Options: Businesses can now offer Sign-in with Google, Apple, and Github, with more to come.
  
  
• Developer credentials: Passage offers developer credentials that vastly simplifies testing by allowing you to test social connections without setting up your own custom credentials.
  
  
• Identity management: Passage consolidates profiles using different login methods, so that you don’t have multiple accounts created using the same emails or a lack of recognition when a user uses the wrong kind of method to sign in.
  
  
• Authentication method data provided out of the box: When a user logs in, that authentication data is immediately provided as logs within Passage, allowing your business to visualize, analyze, or export that data for authentication visibility and experimentation.

Things to pay attention to when implementing social logins

You are still responsible for your users’ accounts, and while security is offloaded to a third party, if a users’ account is compromised or they are locked out, they will still expect you to help them solve the issue. Take this into account and build contingency plans and flows in advance. 

Evaluate how comfortable your business is with sharing and using data from social providers. For example, in order to meet certain compliance requirements, you must have a process for deleting user data retrieved from social providers if requested by a user.

Limit your social login methods to one or two options. If you implement more options, it will confuse users and they’ll forget which one they used to log in. 

Some users will be concerned with privacy and data sharing between social platform accounts and your service. The best way to mitigate this is to allow for other login methods such as passkeys.

In conclusion

With Passage, you can now enable social logins such as “sign in with Google” alongside passkeys and other passwordless authentication methods. Give your users a familiar option that streamlines registration and login by allowing them to use their existing social accounts, while also getting access to robust user profile data that can be used for personalization and beyond.