Cunning trick StackOverflow uses to get you to signup using Facebook credentials

Uhm, no?<p>I added the Facebook login option* to Stack Overflow, and I can assure you we don't really care which credential you use. We don't do anything different based on Facebook/non-Facebook creds.<p>Go look at your app settings and you'll see that the Stack Exchange/Stack Overflow app only accesses your Facebook account when you login. We don't do any subsequent queries, by design (we actually discard the auth token, but that's harder to prove).<p>The vast vast majority of the accounts on Stack Overflow use Google as a login provider. This has basically always been the case (<a href="http://meta.stackoverflow.com/q/31021/130213" rel="nofollow">http://meta.stackoverflow.com/q/31021/130213</a>).<p>* We waited until they supported OAuth 2.0, as we weren't comfortable with the older Facebook Connect.

At first I thought this was just embarrassingly wrong, but it's more than that; you fabricate details to try and make your point. This is what the SO login page looks like: <a href="http://i.imgur.com/4Z8P8.png" rel="nofollow">http://i.imgur.com/4Z8P8.png</a><p>SO doesn't push Facebook logins -- they accept any OpenID login, and Facebook is one of 13 default options presented (besides just letting you type in whatever provider you want). They <i>only</i> accept OpenID logins -- the Stack Exchange option is just a Stack Exchange-provided OpenID. You can use that login with any OpenID-enabled website, including Stack Overflow. I can't believe you felt comfortable writing "they strongly encourage you to sign in using Facebook"<p>Furthermore, they don't even use the Facebook login you're thinking of. Facebook supports oauth, so they connect via that. They're not cleverly stealing all your Facebook data; oauth doesn't work that way. It just got funny when you complained that the password requirements were more complicated than banks, since banks are regularly mocked for their incredibly insecure password requirements<p>As far as I know they've never published what percentage of users use which type of OpenID, but I know at least myOpenID is very popular. Why you chose to use your Facebook account from one of a dozen options and then bitched that you used your Facebook account is completely beyond me

This is a strange conclusion from a site that accepts every OAuth option under the sun with the facebook login as the last presented major option.<p>Assuming a UX mind trick because someone has a strict password policy is a bit far-fetched IMO.

What a load of whining rubbish.<p>Anyone who thinks a short password is secure in this day and age is nuts - particularly as just such individuals re-use passwords across services.<p>This person would be the first to decry SO if there was any breach of security caused by bad password choice.

Is this a joke post?<p>8 unique characters? I just checked (as I use a password manager) - 90% of my hand-coded passwords pass this test. The rest of my passwords are machine-generated - and most password generators are capable enough to guarantee unique characters and length.<p>Maybe StackOverflow's "cunning plan" [1] is really to force you to use a password manager or OpenID?<p>[1] <a href="http://en.wikiquote.org/wiki/Blackadder" rel="nofollow">http://en.wikiquote.org/wiki/Blackadder</a>

This is what password managers are for. Here's one that the manager I use generated for me:<p><pre><code> 87NTK7g9M;xwF@aQ7tqTK{d(87ftLd4(;a$w]#f7X4&#60;yAFNFwk </code></pre> I believe that meets their requirements.<p>I like StackOverflow's login implementation. I believe StackOverflow was the first site I encountered that I wanted to sign up for and whose OpenID implementation accepted i-names. I had =tzs for something like 2 or 3 years before finally being able to actually use it.

I think this is missing the difference between grabbing your Facebook login and using Facebook's OpenID capability. The only piece of information StackOverflow gets back from Facebook is the fact that you're logged in there.

I don't think this brilliant at all. Anyone who decided to forego the FB Connect route is already someone who wants to sign up. By making it incredibly painful, it'll lessen the chance of him even signing up. Sure, you'll get more FB signups, but the absolute # of signups will decrease.<p>And what's the advantage of more FB signups? This isn't a social network like Foursquare or Pinterest.

Really? This is to herd you into using FB?<p>First issue: How do you know this is the intention?<p>Second issue: Who cares? You are free to not use the site.<p>Third issue: There are other options. I sign in using Google's authentication. I did not even know they had FB integration.<p>Seems more like this post is an excuse to whine about things than anything "real".

StackOverflow is just doing the right thing enforcing a strict password rule. If people don't want to create an account with a strong password and instead end up using FB connect, then it's just what the user chose. I don't think that amounts to StackOverflow being cunning and tricking anybody. I get your point but don't think you should use those words.

Wow, the risks of putting your own blog post on HN :-)<p>If you're reading edawerd, One Password and other tools like it are real lifesavers in this sort of situation.

All this tells us is that you typically re-use your passwords, and that they are fairly weak to begin with.

I think the real issue here is the weakness of the passwords your bank is willing to accept.

kmontrose of StackOverflow informed me in his comment that this in fact was not their intention at all. Futhermore, they don't use any of their user's Facebook profile data. I now realize it was a bit of a stretch to say that Stack Overflow engineered their UX in this manner.<p>Regardless, the strong password requirement DID convince me to sign in using my Facebook credentials, and I'm sure it will convince others as well. In conclusion, I think a very strong password could actually funnel users into signing in with 3rd party credentials.