Grumpy Website


I used to be a huge fan of “Log in with” buttons. Hey, I don’t need to create an account! I don’t need to invent and remember a password! Developers don’t need to manage my account details, Google/Facebook take that headache which which is also probably orders of magnitude more secure.

Then the first problem hit me: I couldn’t remember which of the buttons I used because I had all the accounts. So I made a rule to always log in with Google (I think, I don’t remember). What if Google is not among the options? Well lucky guess then.

Then Facebook became assholes so I removed my account. Google followed shortly (I still have the account but prefer not to use it if I can). I still have twitter but how long before they turn into user-spying crap? Or run out of money? Nobody knows. So I stopped using those buttons altogether.

Morale? If you’re a developer, always let users login via email. It’s not hip, it’s our last hope to keep internet vendor-neutral. Complicated, you say? You can send a direct login link with a unique token each time, no need to manage passwords at all. Simple and elegant. That’s how Grumpy implements login for authors, and it only took me a few hours to implement. Sure someone at Product Hunt huge dev team has a few spare hours somewhere?

If you’re a user, consider using email for all your authentication needs. It’s easier than you think and will last longer than any of other alternatives. Email also won’t spy on you (unless you’re using GMail, of course, but that would be YOUR choice). For convenience, I started to use password manager which generates and remembers a unique password for each website. That way even if one site is compromised rest of your accounts is still perfectly safe.