Logging into your Medium account using an OAuth provider like Google or Twitter is convenient—until it suddenly isn’t. For many users, a broken OAuth login can be more than a small annoyance; it can result in loss of access to years of writing, engagement, and identity. In some recent cases, users struggling with inaccessible OAuth login options found themselves forced to perform a password reset—just to delete their Medium accounts.
TL;DR
When OAuth login through Google or Twitter malfunctions on Medium, users lose access to their accounts. Recovering access often involves requesting a password reset, a step normally not associated with OAuth-only accounts. This not only confuses users but also raises concerns about data autonomy and platforms’ dependency on third-party authentication. In severe cases, users have had no choice but to reset their passwords just to delete their profiles.
Understanding OAuth and Medium’s Login System
OAuth, or Open Authorization, is a protocol that allows secure delegated access to server resources. In practical terms, it’s what lets you click “Sign in with Google” on platforms like Medium without ever typing a Medium-specific password. It’s trusted and commonly used—but it’s not without risks.
Medium, like many content platforms, offers OAuth login via Google, Twitter, and previously Facebook. Users opt for these quick logins because they save them from remembering yet another password. Unfortunately, this convenience can backfire when the external service has issues or when its APIs change without backward compatibility.
What Happens When OAuth Fails?
When a Medium user’s linked Google or Twitter login fails—for example, due to changes in the third-party API, revoked tokens, or a deleted connected account—the user is effectively locked out. Unlike services that offer a parallel username-password login, Medium originally had no secondary login method set for OAuth-based accounts.
Common failures include:
- Twitter API changes breaking the login redirect.
- Users deleting or losing access to their Google account.
- Unexpected errors from Medium’s backend failing to complete OAuth verification.
The consequence? Immediate and indefinite loss of access to the account with little to no warning.
The Shift: Requesting Password Resets for OAuth Accounts
Faced with login failures and no alternatives, many users turned to Medium’s support team for help. The surprise came when Medium’s response suggested using the “Forgot Password” link, which in theory shouldn’t apply to accounts that never had a password.
This workaround triggered several issues:
- Security concerns: If a user never set a password, what exactly are they resetting?
- Usability breakdown: Users were confused about how resetting a password could help retrieve an OAuth account.
- Loss of trust: Being told to ‘fake’ their way into access reduced confidence in the platform’s account integrity.
In several reports, users stated that once they reset their password using a recovery email (which, luckily, had been auto-linked when the account was created), they could log in with their email and new password, bypassing OAuth altogether. Ironically, doing so was often a precursor to deleting the account entirely out of frustration with the process.
Why Are Users Deleting Their Accounts?
The question arises—why not just reset the password and move on? For writers and creators who invest in platforms like Medium, identity matters. Broken login processes erode trust. Once users gain access through unconventional means, many choose to delete their accounts for the following reasons:
- Data control: If a login method can suddenly fail, what guarantees are there about data security?
- Platform reliability: Writers expect a more robust identity and access management system.
- Lack of transparency: Medium has not clearly communicated how OAuth accounts are managed behind the scenes.
Medium’s Design Flaw: Dependency Without Redundancy
The core issue lies in the flawed assumption that OAuth logins never fail or that users will always have access to their originating credentials. Platforms that rely solely on third-party authentication risk orphaning user accounts if those services cut access or malfunction.
Some modern best practices include:
- Allowing OAuth users to set a secondary password at registration or later through settings.
- Giving users multiple recovery options, such as backup codes, 2FA, or email confirmations.
- Providing clear UX around account recovery for social login methods.
Medium has implemented partial fixes, but the initial design left many users in digital limbo—forced to hunt through support pages and Reddit threads before eventually resetting a password they technically never had.
Legal and Ethical Implications
Beyond the technical limitations, there are ethical concerns regarding user consent, access to personal data, and transparency in identity management. If platforms tie a user’s content and personal data to a third-party login, they owe users a clear and resilient path to recovery.
Furthermore, under regulations like GDPR and CCPA, users have the right to access and delete their data. Blocking users from entering their account also blocks them from these legal rights unless a workaround—like the password reset trick—is uncovered.
This forces the question: Should platforms automatically create fallback login methods, or is that inappropriate handling of OAuth-sourced accounts? As user expectations evolve from mere access to transparency and control, platforms must adapt accordingly.
Community-Driven Solutions
Interestingly, many of the solutions to this issue emerged not from Medium’s official documentation, but from passionate user communities. Hubs like Reddit, Hacker News, and independent technology blogs began cataloging workarounds, step-by-step guides, and warning articles.
- Reddit threads detailed how to access account settings via password reset.
- Blog posts cautioned new users to immediately set a password if using OAuth.
- Developers wrote browser scripts and extensions to monitor failing OAuth flows and document errors.
Community-driven transparency became the lifeline for users caught in the OAuth trap. Without it, many users would have lost access permanently.
What Can Medium and Similar Platforms Do Better?
To build user trust and maintain account integrity, platforms should consider these changes:
- Give OAuth users the option to set a password post-signup.
- Add backup login methods such as recovery codes, secondary emails, or SMS.
- Notify users when third-party providers are experiencing issues or terminating support.
- Offer a direct pathway to account deletion or support contact even when login fails.
These changes, while minor in implementation, can profoundly impact user experience and reduce churn due to trust violations.
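One way to enforce the redundancy recommended in the best-practice list earlier and in the list above, as an added example that is not Medium's code. The `Account` record, its field names and the finding labels are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:  # hypothetical record; field names are assumptions
    user_id: str
    oauth_providers: set = field(default_factory=set)  # e.g. {"google"}
    password_hash: str = ""       # empty means no password was ever set
    verified_email: str = ""      # empty means no verified recovery address
    recovery_code_hashes: set = field(default_factory=set)

def login_methods(acct):
    """Independent ways the user can authenticate without contacting support."""
    methods = {f"oauth:{p}" for p in acct.oauth_providers}
    if acct.password_hash:
        methods.add("password")
    if acct.recovery_code_hashes:
        methods.add("recovery_codes")
    return methods

def lockout_findings(acct):
    """Flag accounts that one provider failure or deleted identity would orphan."""
    findings = []
    if len(login_methods(acct)) <= 1:
        findings.append("single_login_method")
    if not acct.verified_email:
        findings.append("no_verified_recovery_email")
    return findings

def unlink_provider(acct, provider):
    """Refuse to remove the last remaining login method."""
    if not login_methods(acct) - {f"oauth:{provider}"}:
        raise ValueError("refusing to unlink: no other login method would remain")
    acct.oauth_providers.discard(provider)

def issue_recovery_codes(acct, count=8):
    """Create one-time codes; store only hashes, return plaintext to show once."""
    codes = [secrets.token_hex(10) for _ in range(count)]  # 80 bits each
    acct.recovery_code_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes

def redeem_recovery_code(acct, code):
    """Single use: a matching code is consumed when it is accepted."""
    digest = hashlib.sha256(code.encode()).hexdigest()
    if digest not in acct.recovery_code_hashes:
        return False
    acct.recovery_code_hashes.remove(digest)
    return True
```

Running `lockout_findings` over every account before a provider integration is changed or retired gives the list of users to prompt for a password or recovery codes first.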
Conclusion
For a platform that prides itself on storytelling and content ownership, Medium’s handling of OAuth login failures highlights a broader problem in the tech industry’s overdependence on third-party identity providers. While convenient, these methods must be paired with thoughtful failsafes and clear recovery paths. As users increasingly value data autonomy and access control, platforms must meet them with transparency and resilience.
Whether you’re a developer designing a login system or a writer choosing where to publish, this lesson remains crucial: Never trust a single door to your digital identity without ensuring there’s a window left open for emergencies.