More and more, SSO “out in the wild Internet” is seen as signing into a service with your credentials that are managed by some other company (identity provider). The less information you require to create an account (using data users have already filled out), the less drop-off you have for sign-up numbers. Building your own level of security well is difficult. Focus on what the user is expecting you to need/ask, and work with the data transparently.