Google offers a variety of Internet services that require user authentication. These services rely on a single-sign-on service, called Google Accounts, that has been in active deployment since 2002. As of 2006, Google has tens of applications with millions of user accounts worldwide. We describe the data management requirements and architecture for this service, the problems we encountered, and the experience we’ve had running it. In doing so we provide perspective on “where theory meets practice.” The success of the system comes from combining good algorithms with practical engineering tradeoffs.