What "Sign in with…" actually does, in plain English

You have seen the button. "Sign in with Google." "Sign in with Apple." Maybe, before long, "Sign in with Chirp." You click it, a page you half-recognize appears for a moment, and then you are logged in to some other website entirely — one you never gave a password to. This post explains what just happened. It assumes you have never written a line of software. By the end you will understand the whole thing, because it rests on an idea far older than computers.

The technical name for this is OpenID Connect. You can forget that name. The plain version is: instead of proving who you are to every website separately, you carry a letter of introduction from someone they already trust.

The problem it fixes

Think about how the old way works. Every website you join asks you to make up a password — in effect, a private word kept just between you and them. Join enough of them and you have handed out a separate secret to a great many strangers: one to this household, one to that one, and forty more you have long since forgotten. Each of them keeps your word written down. And here is the trouble: you only have to be unlucky once. If a single careless household lets its book of secrets be stolen, the thief now holds a word you very likely used elsewhere too, and walks straight through that other door. One careless stranger puts every other door at risk.

So the goal is simple to state: stop scattering your secret across dozens of strangers who may or may not look after it.

The idea: a letter of introduction

Long before telephones, if you wished to call on someone who had never met you, you did not simply knock and announce yourself — why would they believe you? Instead you carried a letter from a person you both knew: a respected figure who had met you, written in their own hand and closed with their personal seal pressed into wax. The household you were visiting did not know you. But they knew that seal, and they trusted the person it belonged to. The letter did the vouching that your own word could not.

That is exactly what happens when you "sign in with" someone. The website you are trying to use is the household that has never met you. The trusted figure is the one whose button you clicked — Google, or Apple, or, in our case, Chirp. You go to them, they satisfy themselves that you really are you, and they write you a letter the household will believe.

Here is the whole exchange, the same one your browser performs in under a second:

1. The website sends you to the introducer. You click "Sign in," and the website hands you over to the introducer's own page. You can watch it happen: the web address at the top of your screen changes to the introducer's.

2. The introducer makes sure it is really you. How they do this is their own affair, and different introducers do it differently — some ask for a password, some use your phone or your fingerprint. The way we do it at Chirp is to email you a link. You type your address, we send a one-time link to it, and you click it. The reasoning is the same as a card mailed to your home to prove you live there: only the real you can open that inbox.

3. The introducer writes and seals the letter. Once satisfied, they write a short note that says, in effect, "This is the same person, and they came to me just now." Then they close it with their seal. The household could recognize that seal at a glance, but to make one themselves they would need the introducer's own ring — which never left the introducer's hand. And the words cannot be quietly altered, because tampering breaks the seal.

4. You carry the sealed letter back, and the household reads it. The household checks the seal is genuine, reads the letter, sees that the introducer vouches for you, and admits you. Notice what never happened: they never asked you to invent a secret, and never wrote one down. There is no password on their books for a thief to steal later.

That is the entire mechanism. One trip out to the introducer, one sealed letter carried back. Everything else is detail.

Why this is also good for your privacy

The sealed letter does a few quiet things that are easy to miss.

The household never learns your email address. The introducer knows it, because that is how they reached you — but the letter they hand you does not contain it. The household receives a vouching, not your contact details. So signing in this way does not hand a stranger your address to add to a mailing list.

Each household receives a differently addressed letter. This is the part people find surprising. The letter the introducer writes for one household names you one way; the letter they write for the next names you another. Both vouch for the same caller, but the two households cannot lay their letters side by side and discover that their visitors are one person. The introducer deliberately gives you a separate name at each door.

What you are trusting, and the honest catch

It would be dishonest to stop there and call it perfect, so here is the catch. You have not removed trust from the picture — you have concentrated it. Instead of trusting forty careless strangers, you are trusting one introducer to be careful. That is a much better deal, because there is now one reputation to get right instead of forty. But it is one introducer. They do know every household they sent you to, even though those households cannot see one another. So the question that matters is no longer "is this household careful?" forty times over — it is "is my introducer careful, and could I leave them if I stopped trusting them?"

Curious how "a separate name at each door" actually works under the hood? See "Pairwise subjects: giving every app a different you".