
193 points todsacerdoti | 3 comments
xyst No.41083466
> through Google’s “Sign in with Google”

I used to use these “social logins” exclusively, whether they were FB, Apple, or Google, because big tech couldn’t get hacked and it was convenient.

But I quickly realized how much of a pain it was to deal with when issues at various service providers arose. It complicated operations for small businesses. Often I lost accounts because their support just gave up on trying to diagnose the issue.

But also, if those IdPs deem your account in violation of some vague policy, or maybe they just don’t like you because of “freeloading”, then you will quickly lose out on access to numerous services.

Some services have sane account management practices and allow you to dissociate the account from an SSO provider. But most I have encountered are just clueless. At some services, the system is designed so badly that I cannot change the email.

I remember L1 support for some company stating emails are immutable because it’s more secure that way. Such bullshit.

This bypass event is yet another reason to avoid using Google/Apple/Facebook as an SSO provider. These companies have time and time again proved they are pregnable.

Fortunately, password managers make creating complicated passwords for hundreds of services much easier.

replies(3): >>41083587 >>41083710 >>41087389
1. kevin_thibedeau No.41087389
Wait 'til there's a major password manager exploit. The only truly safe option is longish passphrases you can remember.
replies(2): >>41088804 >>41093180
2. Canada No.41088804
This already happened with LastPass.
3. jesseendahl No.41093180
The only truly safe option is passkeys because (a) passwords can be phished and (b) if someone is generating a password they can remember, they’re probably also reusing that password across multiple apps/websites.
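Point (a) above, that a passkey assertion cannot be phished the way a password can, comes from the signed data being bound to the origin the browser actually saw and to a one-time challenge. The following Go program is an added illustration of that check and is not code from this thread or from any passkey implementation; it assumes constructed origins (`https://example.test` as the relying party, `https://example-login.test` as a look-alike), uses Ed25519 as a stand-in for the credential's key type, and reduces WebAuthn's authenticatorData to just the rpId hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData mirrors WebAuthn's collectedClientData. The browser, not the
// page's script, fills in Origin, so a look-alike site cannot claim to be
// the real one.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is what the authenticator hands back for a login ceremony.
// AuthData is reduced here to the SHA-256 of the rpId (real authenticatorData carries more).
type Assertion struct {
	AuthData       []byte
	ClientDataJSON []byte
	Signature      []byte
}

// RelyingParty is the site holding one registered passkey public key.
type RelyingParty struct {
	Origin string
	RPID   string
	PubKey ed25519.PublicKey
}

// NewChallenge returns a fresh random challenge (base64url, as WebAuthn does).
func NewChallenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// SignAssertion simulates browser + authenticator: the browser records the origin
// the user is actually on; the authenticator signs authData || SHA-256(clientDataJSON).
func SignAssertion(priv ed25519.PrivateKey, browserOrigin, rpID, challenge string) (Assertion, error) {
	cd, err := json.Marshal(ClientData{Type: "webauthn.get", Challenge: challenge, Origin: browserOrigin})
	if err != nil {
		return Assertion{}, err
	}
	rpHash := sha256.Sum256([]byte(rpID))
	cdHash := sha256.Sum256(cd)
	msg := append(append([]byte{}, rpHash[:]...), cdHash[:]...)
	return Assertion{AuthData: rpHash[:], ClientDataJSON: cd, Signature: ed25519.Sign(priv, msg)}, nil
}

// Verify is the relying party's side: type, challenge, origin, rpId hash, then signature.
func (rp RelyingParty) Verify(a Assertion, expectedChallenge string) error {
	var cd ClientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("wrong ceremony type")
	}
	if cd.Challenge != expectedChallenge {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	if cd.Origin != rp.Origin {
		return fmt.Errorf("origin mismatch: signed at %q, expected %q", cd.Origin, rp.Origin)
	}
	want := sha256.Sum256([]byte(rp.RPID))
	if string(a.AuthData) != string(want[:]) {
		return errors.New("rpId hash mismatch")
	}
	cdHash := sha256.Sum256(a.ClientDataJSON)
	msg := append(append([]byte{}, a.AuthData...), cdHash[:]...)
	if !ed25519.Verify(rp.PubKey, msg, a.Signature) {
		return errors.New("bad signature")
	}
	return nil
}

// Demo runs three ceremonies against a constructed relying party and returns the
// verification result of each: a genuine login, an assertion the victim produced
// on a look-alike origin that relayed the real challenge, and a replay of the
// genuine assertion against a new challenge.
func Demo() (genuine, relayed, replayed error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rp := RelyingParty{Origin: "https://example.test", RPID: "example.test", PubKey: pub} // constructed
	ch := NewChallenge()
	a, _ := SignAssertion(priv, rp.Origin, rp.RPID, ch)
	genuine = rp.Verify(a, ch)
	b, _ := SignAssertion(priv, "https://example-login.test", rp.RPID, ch) // constructed look-alike origin
	relayed = rp.Verify(b, ch)
	replayed = rp.Verify(a, NewChallenge())
	return
}

func main() {
	g, r, p := Demo()
	fmt.Println("genuine:", g, "| relayed via look-alike origin:", r, "| replayed:", p)
}
```

The genuine ceremony verifies; the relayed one fails on the origin check even though the private key and challenge were the real ones, and the replay fails on the challenge check. A password typed into the look-alike page would have passed straight through, which is the difference the comment is pointing at.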