Date: 2024-09-07

SSO effectively creates an account via Google (or any other account you use), minus the username and password. In place of credentials, Google authenticates your identity via an access token and an ID token, granting entry. You can give permission to provide the information the service needs, and nothing else; depending on which SSO account you use, permissions can be modified in the future without revoking login access. Future visits will use the same token.

You may have noticed that anytime you accidentally try to log in with an email, the service redirects you to use the SSO sign-in button. This is proof that a bad actor wouldn't be able to compromise that account with a typical brute-force password attack; they'd have to break into your SSO account instead. If you choose to ditch your password in favor of a passkey, the threat of a compromised password is off the table altogether.

SSO arguably replaces whatever weak security a website has with Google's top-of-the-line security. You also potentially have more control of your SSO account's data, since you grant permission for the website to see only what you wish it to see and can unlink that data at will. Finally, SSO would allow you to make multiple accounts on the same website (in the rare situation you need to) with greater ease; you just click the SSO button for Google, Facebook, and others separately. But that convenience and security come with some caveats that aren't immediately obvious.

