
Everything you need to know about secure account linking

Blog post from Ory

Post Details
Company: Ory
Author: Aeneas Rekkas
Word Count: 4,154
Language: English
Summary

Account linking enhances user experience by allowing multiple login methods, such as email/password, Google Sign-In, or Apple Sign-In, to connect to a single user account. The article evaluates three primary methods of account linking—manual, link-on-login, and automatic—highlighting their security risks and user experience implications. Manual linking, while highly secure due to its user-driven nature, can be inconvenient and underutilized. Link-on-login strikes a balance by prompting users to confirm account ownership when duplicate emails are detected, offering good security and moderate convenience. In contrast, automatic linking is the most seamless but poses significant security risks by relying on external identity provider (IdP) claims, which could lead to account hijacking if not handled safely. The article stresses the importance of verifying email claims, understanding IdP practices, and using stable identifiers for linking to mitigate risks such as domain spoofing, email reuse, and unverified claims. Recommendations for developers, security architects, and product managers are provided to ensure secure implementation, emphasizing a trust-but-verify approach with clear user communication and control over linked accounts.