Is there a pwd manager that tells you what social account you signed up with?
LastPass only tells me if I have email/pwd accounts for any one website. That leaves me guessing as to which SSO account I used to sign-up for that service - Google, Facebook, Github, etc.
Is there a Chrome-extension that supports this? Thanks!
Trending on Indie Hackers
Password manager author here. I don't know of any password manager that has explicit support for that, but there's usually a "Notes" field or element type you can use for stuff like that.
Having said that, if you're already using a password manager, I would advise against using the social logins for any given service. Just make use of your password manager and create a new login with a unique password for that service. Using social logins just locks you in even further and makes you more exposed if one of those services gets compromised.
I appreciate the advice and the potential workaround!
Hi @Ovi. Get this problem all the time! I find it so frustrating. Websites implement social sign in to try to make things more convenient or easy and frankly it has the opposite effect. Some websites don't actually allow you to sign in without choosing to link a social account.
In the future I'd advocate for passwordless sign in (and certainly a lessening of this social sign in option). @crowdhailer and I have developed passwordless sign in that developers can add to their websites to handle authentication. This removes the need for passwords and social sign in.
With regards to your question, in a passwordless scenario the user enters their email address to sign in. If that email address is recognised then you 'sign in' and if not, you 'sign up. In theory removing this question of 'have I signed up to this before or not?' That question also exists with passwords until you try the 'forgot password' link and the website eventuallly tells you 'there is no account with that email address'. Users can have like 150 accounts (how many do you have? I have over 300) so they're bound to forget what they've sign up to or haven't.
DID.app actually does device authentication (over and above magic links) so if you've sign into a site before and you come back, DID just authenticates with the device and you're signed in.
I honestly think sign in is the most frustrating thing about the internet at the moment.
My favorite are webapps that don't even host any meaningful data on you, yet require super complex passwords.
Passwordless is the way to go, since gmail never really signs you out (AFAICT). Platforms that provide you a link to the email provider get a +1. Those who use Gmail filtering URL to search for the subject-line they'll send you are +111 (e.g. https://mail.google.com/mail/u/0/#advanced-search/subject=Login+to+did.app)
With the exception of folks using multiple email accounts (I have five I can think of)
That is a fair comment yes. Those complex password requirements, I found a website recently that had all the password complexity rules under the sun but I was able to enter a password that would have been very easily guessed. It was Pas$w0rd - caps, regular, symbol and a number. Seemingly very complex but actually a regularly used password that is definitely on the hacker hit list.
I wasn't aware of the deep search link feature you point to there. Thanks for that.
I'll echo what @pfandrade said.
Using unique logins also has the added bonus of not directly allowing Facebook/Google/<whomever> track your use of a given website.