CATEGORIES
- WEB STARTUPS
- CONFERENCES
- WEB JOBS
- MICROSOFT
- INTERVIEWS
- VIDEO
- AMAZON
- ALL TOPICS
CONTRIBUTORS
Why Doesn’t Google Consolidate Login Procedures?
Over the past few weeks I’ve been keeping track of the different ways each Google service handles login procedures. I would have thought that once I am “cookied” by a Google service that all services would authenticate my session in the same manner — this is not the case. Below are some of the Google services and what happens when I attempt to load the service assuming that I am already cookied.
- Gmail – takes me right into my mailbox with no login screen
- Google Checkout – forces me to enter my password each time but displays my username
- Feedburner – takes me directly into the my main list of managed feeds
- Google AdSense – displays a login page but the login box is missing and a “waiting” note and then I am taken directly into my account
- Google AdWords – takes me directly to my management screen
- Google Webmaster – displays a similar screen to Google AdSense but I am forced to click the login button but am never prompted for a password
- iGoogle – takes me directly to my customized home page
- YouTube - clicking upload takes me directly to the upload screen
- Google Reader – takes me directly to my RSS feeds
- Orkut - takes me directly to my account management page
- Google Groups – takes me to my groups management page
- Google Docs – takes me directly to my documents management page
- Google Calendar – takes me directly to my calendar
- Blogger – forces me to login using my Google account information
At first I was thinking that it’s great that Google forces me to enter my password when I want to process orders for my startup in Google Checkout. But if that’s the case, shouldn’t Google AdSense follow the same authentication pattern? What about Google Docs and Calendar – documents in both of those services could be just as sensitive as financial information in Google Checkout/AdSense or AdWords.
Earlier this week we had over 1,500 comments on our Gmail down post. Many of the comments (and in emails I received) noted how many confidential and important documents are held in user’s Gmail accounts.
My question to ya’all and to Google is simple – why not follow the same procedures for all Google services? Or perhaps the better option is to allow users to select what level of authentication they would like for each service. Either way, I’d like to see some consistency based on the “security level” of each application.
Microsoft sites are much worse. Live, Bing, Microsoft, Passport – you’ll see references to all their authentication products in half a dozen pages.
You also should mention Google Analytics. It knows you’re logged in, yet you still have to click an “Enter Anayltics” button to actually go in.
Thanks Bryce – can’t believe I left that one out!
What’s worse is that you get the “Enter Analytics” button whether you’re logged in or not. Then, you either get sent to Analytics if you’re logged in, or a login form appears if you’re not. Why not just show the login form if you’re not logged in? Why do I have to click “Enter Analytics” and then login?
I was thinking that same thing recently. It’s really a strange user experience to go from one Google site, where you’re logged in, to another, and to be asked by that second site to log in again. When you go back to the first though, you’re still logged in. I guess it helps with different levels of security that are required by each app, but it’s still frustrating, and something that I wish they would let you disable or bypass.
Some Google sites are actually using OpenID for logging in because they don’t run on the same architecture as most Google servers.
And others just require it for extra security.