SSO.. eeew no.
Single point of failure. If your one password is compromised, then every single service you use with SSO is then compromised.
It's great if you are in a corporate environment with plenty of corporate protection.
Also, from the sounds of it, these "experts" may be well versed in a specific domain but not really expert in everything related to online security.
With websites being hacked daily, you pick the websites you want to deal with based on some set of trust relationships. You wouldn't go to a sketchy looking website and put in your social security number and all your banking information. Well, a REAL security expert is going to determine whether a website is trustworthy and probably assign it some value as to its relative safety.
1. Do I think this website may be in itself malicious?
2. If the website isn't malicious, does the technology they use to protect their users meet a minimum standard for security to prevent any information I may put on there from possibly being stolen?
3. If the security meets the standards, is it safe for me to share personal information? What does this company do with the information that is shared? From a corporate standpoint, does their business model focus on selling or manipulating user information? Is information shared outside the company with or without my permission?
4. Should an online entity or company be asking for this (some level of) personal information from me that has nothing to do with the service they offer me or the business relationship we have?
Oh and password managers... for the lazy. Again single point of failure. If large companies like Amazon and Microsoft can be hacked with probably some of the more advanced security infrastructures for online businesses, then some piddly little company website is not going to be a match for a determined hacker and then it again becomes a single point of failure.
Use a password locker application on your desktop. Never something you have to connect to remotely.
You should trust and work to make sure the security within your own network and on your desktop meets your standards which should be better than any website you would think twice before sharing information with.
And the cloud... marketing drivel. If you are putting your personal information that you specifically don't want other people to have access to, putting your safety and security in the hands of a third party with unknown ability, motives or skills, then you by definition are an idiot. Services and machines are hacked every day.
And just so we are clear, 100% of online identity fraud happens because of information about you that makes its way online. Identity fraud numbers have skyrocketed in the past few years. And it mostly correlates time-wise with the rapid adoption of Facebook and other social networking services.