How many Stack Exchange logins should I have?
Adding logins means adding alternative methods to access your account; see this page for details.
Thus, additional logins cannot reduce the risk of hostile hijack; in fact, they can only increase the risk since they provide additional entry routes for the attacker. If you have several logins, then your "security level", formally, is no more than that provided by the weakest of the involved authentication systems.
Additional logins are meant to avoid being locked out if an authentication provider fails (e.g. ceases to operate). This can be viewed as extra "security", not against attackers, but against disasters.
If someone compromises your StackExchange account can't they just unlink all your recovery options? Assuming they can't, the model is that:
- Losing any of the accounts linked to SE is a "compromise".
- If any of the other accounts linked to SE is not lost then you can "recover".
On this model, 2 seems reasonable by your own analysis:
- 0 is no good, you can't log in to SE at all ;-)
- 1 is no good, you have no chance of recovery following a compromise.
- 2 is the least number of accounts with non-zero chance of recovery. Provided that losing one does not compromise the other, then in fact it gives you a pretty good chance of recovery, since losing accounts is rare and losing two in quick succession is very rare.
- Additional accounts increase the chance of compromise, and the additional chance of recovery must diminish rapidly because the recovery chance is already good.
As I said, however, I'm not confident of the model. I've never tried to unlink something from my SE account.
The provided is quite a big one. If your Gmail account is also the recovery option for your Facebook, then losing your Gmail account means you've a fair chance of losing Facebook too. So adding Facebook to StackExchange would have a less dramatic effect on your chance of recovery following compromise via Gmail.
Simply put, additional logins would have 2 effects:
- It increases the risk of attacks and account compromission
but on the other hand,
- It lowers the impact of a successful attack by limiting the perimeter of data accessed.
Then it's up to you to decide based on the risk you accept, and the balance you want in terms of usability versus security.