If I created a Udemy account with my Gmail, then what’s the difference between signing in with email and signing in with Google? Thanks in advance.
Telling Google where you are.
In addition to the downsides mentioned here about privacy regarding Google, there is a major upside to using this service: it offloads all of the authentication logic to google, so in theory it reduces your risk surface area, or it may be more accurate to say it concentrates your risk to your Google account.
You’d like to hope most websites use using common security best practices and keep on top of things but the amount of websites I had accounts on (on websites I had long forgotten) which have been pwned over the years tells me otherwise. Using google auth sets your account security to be exactly as secure as your Google account.
Udemy with email: Udemy gets your email, and will probably require a verification process to verify that you own it:
Udemy with Google Sign in: You click through in your browser, to authorize Udemy to obtain some details (usually just email + basic profile details), Udmey gets a “token” (effectively a random string) which they can send to google to retrieve these other details, and verify you still have an account and you (or google) haven’t revoked access, which they can use now and in the future. They don’t need to verify your email as they have a token that is “proof” already. To you it’s a click through, to everyone else it’s a bit more complex. If Udemy has a data leak, if they didn’t store your email directly, it’s possible that the token could be reset before someone is able to obtain it. But it’s unlikely they aren’t obtaining the email address as soon as you log in and storing it.
In addition to allowing Google to manage the authentication process, signing in with Google allows Google to track your visits. In some cases they get additional data about content you view.
In many cases the mere presence of that button allows Google to track that your device visited the Udemy sign in/sign up page, even if you don’t click it. Google uses this to create and update a profile of you they sell for advertising and other purposes, and exposes you to more risk if your Google account is breached. With a password manager I find using SSO to be about the same level of effort as using my manager’s autofill functionality
One thing not mentioned is that if you ever want to “de-Google”, you will have to go to all websites and services where you logged in using your Google account, and (try and) change the authentication method. Avoid it if possible.
Adding on to this comment, it is very often not possible to change your auth method.
If you use email to register, you can almost always change to a different email (same method) but you can’t change between methods, like from Google auth to Apple auth, or even to a different google auth.
You’d need to create a new account, and therefore lose all the data on your old account.
Always choosing email gives you the most control and most privacy, I’d strongly recommend it.
