Two views:
Corporate:
Whether you have control over all the machines, or at least the central auth server, you're better off with SSO. One place to hire employees, one place to terminate them, one set of credentials they have to worry about. Individual server compromises shouldn't leak credentials. Users are less likely to get annoyed, forget passwords, and use horrid patterns of passwords especially when the 7 different computers they have to access start hitting their password change periods at staggered points.
In a company environment, you want one point of authentication.
The Wild Internet
Spoofing / phishing is a bigger concern. Privacy becomes a concern. A third party knows everywhere you log in. Compromise of that 3rd party compromises all your accounts. The benefits of one identity, one login have to be weighed against all those. When you get duped into a fake login page from your web forum and it links to your email, and hence your bank, things may get ugly.
For the ServerFault guys, there's no question that they want that on their network. For the world at large, there's a big bit of trade-off to be had.
Edit to address commments
- Submitting one's login credentials to a 3rd party service is the antithesis of single sign on.
- In some cases, it does make sense to provide users with multiple accounts. Many wise system administrators have their normal operations accounts and their elevated privilege accounts. At the same time, this is still an SSO system. It is often the case that a central authentication server handles the multiple accounts.
- In regards to password sharing, I consider that a poor argument against SSO. In any case where access to something should be shared, it should be done with different credentials. While we have to accept that there are some systems out there that need sharing and do not implement the ability to assign rights, this should be addressed by altering the system whenever possible.