> Your users expect "Sign in with Google" and "Sign in with Apple." You can add email/password and passkeys, but removing social logins entirely is a conversion killer.
I know this is true, but I genuinely don't understand it. I want email/password and passkey, I will always go out of my way to avoid "Sign in with ...". I just don't get why people love this.
I assume your circle is mostly tech people? Outside that bubble, it's pretty obvious. People just want easy, don't understand security in many cases, it's the simplest path.
Even absent the above. Imagine a signup flow. I can either click <Sign Up With Google> or I can go through a manual flow with input fields. The former is much faster than the latter. It surprises you people choose the path of least resistance?
People usually have either one or the other account already, because it came with their smartphone. It is frictionless from their point of view.
HN is going to skew towards people with password managers & concerns about vendors locking you out. I think most people just want low friction - be that 'Sign in with', or passwordless-based authentication like 404media (you want to sign in? You've been emailed a code)
Something I didn't see in the other comments is users who are using the startup's service for work, as an employee.
Why wouldn't you choose the simplicity of "sign in with Google" if your work email is on Google Workspace, using the entire Google suite of business tools for everything (Gmail, chat, meet, docs, drive, auth, etc) and everything you do at work is known to Google anyway?
Making an email/password account with your work Gmail is just extra steps, one more password to store, and perhaps the inconvenience of one more 2FA thing. Google gets the same information either way.
Similarly, why wouldn't you choose the "sign in with Microsoft" if your work is all in on the Microsoft suite of business tools (Teams, Office, OneDrive, auth, etc.) and everything you do at work is known to Microsoft anyway?
> I just don't get why people love this.
For a single personal user it's only a small bit of friction, but if you're in charge of 30 people, SSO is a godsend for boring compliance work and managing groups of people. You want to change a domain in the company? Not a big deal. Don't have to rotate passwords every quarter, need to restrict an employee from a service etc. You aren't imagining other challenges other than your own here.
> I just don't get why people love this.
For the same reason why companies implement SSO for employees? It's just easier to have one account with one password to rule them all.
“Sign in with Apple” allows me to use a random “Hide My Email” address for services that I can’t bother with so it’s absolutely a godsend for me.
My email goes to the same company I can log in with, so might as well tap the button.
It's a few things (source: I've worked on some large online B2B systems and seen signup flow funnel data for some even larger B2C systems):
1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.
2. Underreported: Google/Apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/GitHub/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.
3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with Apple/Google" buttons were styled to look totally different and not contain logos.
4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.
5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.
6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.
That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decision-making factors, not defending them.
Add all those up, and you definitely get a conversion killer.
> I just don't get why people love this.
I wonder if there will ever come a day where the average HN user actually understands how normal people use technology.
Just observe anyone in your social circle that does not "care" about technology and you'll see their reaction to a login prompt when trying, not rarely under time pressure, to access a service they haven't used for a while.
They will sigh, maybe roll their eyes. And who can blame them? The same goes for registering to a new service. Normal people don't use password managers, they don't have Bitwarden with auto-fill, nor do they ever "generate" passwords.
"Sign in with..." offers them a way out of a frustrating experience, it's the device telling them "Hey, would you just like to use this thing you're already logged into instead?" -- yes, obviously they would like that.
In my experience it's been the users who principally only have a mobile phone - i.e. no desktop - and therefore want the benefit of the phone-managed account system tied to ... biometrics, etc...
You really don't? It's just a ton easier for most users: it's (almost) like already having an account. Just click a couple times and you're in, no typing at all, no email confirmation or anything like that.
I also avoid it because I'm concerned about being over-reliant on google (what if they close my account?) and I know how to use a password manager, but I easily understand how 90-99% of the population doesn't care enough and goes the low-friction route.