I can’t say I like Google’s federated login API. Normally, when I sign up for a site with an unknown reputation, I use a new e-mail address – thatsitename@somedomain.com – that gets forwarded to my inbox automatically because I’ve got a catch-all rule in place. If that e-mail starts to generate spam, I just stop forwarding it. Fairly common practice.
Single sign-up fouls that all up. Now I have to either expose my base e-mail or create a bogus Google account from scratch in order to use the service, which means, realistically, I’m less likely to use it. Not to mention the phishing problems — do I really trust myself to check to see if ‘google.com’ is in the URL of every page that looks like the Google Account sign-in?
Well, maybe it won’t catch on.
