What’s everyone’s favorite part of using any app or website? Why, signing in, of course!

Just kidding.

Signing in is a necessary evil; we want it to create as little friction as possible, but it does carry important security and password management implications. How can you make sure your sign in process is both smooth and secure?

Smooth Sign In on Flexibits

We recently released an update that makes your signing in to your Flexibits account much easier. You’ve got three options for sign in: you can sign in with Google, with Apple, or you can sign in directly with your email and password. You can find all three options in the Security & Devices section of your Flexibits Account hub.

Check our support article for a detailed walkthrough.

Where previously, it was a little tricky to change your sign in method after you’d signed up, it’s now much simpler to change your password or your sign in method whenever you need. Just head to Security & Devices and update your settings in the Sign In Methods section. You can also activate multiple sign-in methods to maximize overall convenience.

Why might you go with one sign in method over another? There are a lot of factors to consider, and everyone’s preferences vary. (Note: this is not official medical, legal, financial, or relationship advice. Contact your doctor if — err, contact our Support team if you have any specific questions. 😊)

What is the benefit of signing in with Google or Apple?

Signing in with Google or Apple, also called “third party login” or SSO (single sign-on), is a great option for convenience.

If you’re already logged in to a Google or Apple account on a given browser or device, signing in with Google or Apple gets you in with just a few quick taps. It’s as close as we can get to the minimal friction dream (until the entire internet is equipped with fancy biometric security and we’re all basically Tom Cruise in Minority Report, of course).

“Zoom. Enhance. Sign in using my unique eyebrow whorls.”

Don’t worry — the convenience of third party login does not come at the expense of security. All apps and websites that use third party login follow a set of industry standards around OAuth 2.0, which basically just allow the third party to sign in on your behalf. The site or app you’re signing in to never sees your third party credentials — instead, the third party creates an encrypted key called an OAuth token, and the app or site stores that instead.

Ultimately, your comfort with the security of third party login comes down to your comfort with the security practices of the third party itself. With Google and Apple being the large and well-established companies that they are, they’ve obviously got very sophisticated security systems and huge teams dedicated to preserving that security.

That said, if a true Mr. Robot style team of hackers ever wanted to pull a full Fight Club, they’d target large companies like Google and Apple first. (Clearly cybersecurity’s got us in a sci-fi mood. 😎)

Google has a ubiquity and ease of use that is attractive to many users, but comes under criticism for the amount of data collection and tracking it does. If you don’t want Google to know more than they need to about what apps you use and when, you might consider avoiding Google as your third party login provider.

Apple is well known for prioritizing privacy, but sometimes at the expense of compatibility with anything outside the Apple ecosystem. Their new Hide My Email feature is a great privacy option: it generates a random, unique email address for each app or website you sign in to, then forwards any mail it gets to your primary email address.

Keep in mind that if you ever delete or get suspended from your Google or Apple account, you’d need to reconfigure any accounts for which you were signing in via Google or Apple.

What is the benefit of logging in directly with an email and password?

The standard sign in method, where you log directly into a service with your email (or username) and password, is a good option for those that are looking for maximal security on their own terms. Plus, if you have a password manager that you like, signing in with an email and password can be just as convenient as third party login. 1Password, LastPass, and Dashlane are all great options.

Here are a few quick notes on what NOT to do when it comes to standard sign in:

🔄 Don’t use the same password for multiple apps or websites — if one of those sites gets hacked, all of the accounts for which you used that password can be compromised.

🧠 Don’t rely on your memory as a password manager — there are simply too many things to sign in to these days. Our brains are powerful, but not that powerful. Plus, they’re not really built for memorizing long lists of specific information anyways.

❎ Don’t use easy-to-crack passwords like…

  • buttercup1964 — Passwords with names and dates are easy to socially engineer.
  • skh85!netflix, skh85!hulu, skh85!hbo, etc.  — Using passwords that follow a predictable pattern may help you remember them, but it’s not much better than just using the same password for everything.
  • k8wd*9 — Short strings of random symbols and letters are harder for you to remember, and easier for brute force systems to crack.
h/t xkcd

Of course, just as with third party login, the security of standard sign in is only as secure as the company you’re signing in to. If you’re worried that a company has subpar privacy or security practices, you may want to opt for a trusted third party login method instead.

Luckily, as far as Flexibits is concerned, you have nothing to worry about on the privacy front. All passwords and OAuth tokens are stored only on your devices, not on our servers, meaning we couldn’t even access your password if we wanted to (and thus, neither could hackers).

Signing in to your Flexibits account vs. Adding accounts to Fantastical

Word to the wise — signing in to your Flexibits account is different from signing in to add accounts to Fantastical.

With Fantastical open, head to Settings > Accounts to add any of the accounts below:

When you select the account you want to add, you’ll be redirected to sign in to that account (maybe even via third party login!). Once you’ve signed in, you can add calendars from that account, attach Zoom meetings or Webex meetings to your events, integrate tasks from Todoist, and more.

That’s all from us today! Signing off for now (since it’ll be a breeze to sign back in again anyways 😉).