Sign In with Email

Don’t log in with Google or Facebook — they’re data vampires.

Photo by Igam Ogam on Unsplash

People love to talk about login security, but today we’re talking about login privacy. There might still be a dash of security though, it’s unavoidable.

What am I suggesting and why?

When you sign up for an account and they offer you to Sign in with Google or Sign in with Facebook, don’t do it. Choose the email option instead. Also, review your Google and Facebook accounts for a list of websites and apps you’ve already granted permission for and revoke access.

Why? First, Google and Facebook track you all over the web already — now you’re also telling them everything you do on every website or app that you use their sign-in for. Second, if you consider all the personal information stored in your Google and Facebook accounts, the websites and apps you use those logins on may be able to access a lot more personal data than you expect.

For simplicity’s sake, when I say ‘app’ throughout the rest of this article, know that I mean ‘website or app,’ and I’m referring to a third-party app or website, not Facebook or Google.

You in? Let’s go!

We’ll walk through how to check what you’ve signed in with on each site and revoke access as needed!

Sign in with Google

1. Visit https://myaccount.google.com/permissions.
2. First, you’ll see “Third-party apps with account access.” These are apps that you allowed to access your data, but you didn’t necessarily use “Sign in with Google.”
3. Below that, you’ll see “Signing in with Google.” These are apps that you used your Google account to sign into. If you remove access from these, you may need to create a login with a password on those sites afterward.
4. For both lists, clicking on the name of the app will show you what permissions that app has. If you don’t want the app to have access to your information, click Remove Access. Then click OK.

Sign in with Facebook

1. Visit https://www.facebook.com/settings?tab=applications&ref=settings.
2. Here you’ll see a list of all the apps that either you’ve signed in with your Facebook account or given permission to access your Facebook account.
3. If you click View and Edit next to one, you’ll see what permissions the app has. If you don’t want the app to have access to your information, click Remove.

When you click Remove, you’ll also have the ability to “Delete posts, videos, or events [app] posted on your timeline” and “Allow Facebook to notify [app] that your login connection was removed. They may offer you another way to log in.”

Both of these are up to you. If it’s an app you never use, I’d probably suggest removing their posts, but not notifying them because who cares? If it’s an app you currently use, I’d probably recommend checking the second box at least because you might need to create a password to continue using the account.

What about Sign in with Apple? (Apple-Users Only)

This one is trickier. There are mixed opinions on this one, and I find myself torn also, but overall I’m OK with Sign in with Apple for a few reasons.

First, Apple doesn’t sell user data like Google and Facebook (they may use it internally though — I’m not giving them a total pass), but at least you know where your data is.

They also have an option to not send the app your personal email — they can generate an email address to send to the app and then route any messages sent to it to your personal email address. It’s honestly better for security not to use your real email address when signing up for accounts, so it’s a W.

I have used this option a few times. When I use it, I change my name (you can enter a different name if you want) and I never share my real email address (check the box that says “Hide My Email”).

Don’t Forget about Security in your Quest for Privacy

The benefit of using any of these sign-in options is convenience. You only need to remember one password, and your credentials aren’t actually sent to the third-party app. This is technically better for security — unless someone gains access to your Facebook or Google account, of course.

In general, unless you’re using unique passwords for every app you sign up for (which you absolutely should), these options might actually be better security for you. Every app that has an account associated with it has the potential to be hacked. If you use the same email/password combo for all your accounts, one breach can be detrimental.

That said, after you remove access from these apps, you will likely be prompted to create a password. This is your reminder to create a unique password for each of your accounts.

Maybe next week we’ll dip into security with an overview of password managers. They’re great. Spoiler alert, I use Bitwarden these days, it’s free.

Read On

• “She clicked sign-in with Google. Strangers got access to all her files.” The Washington Post The headline’s a bit dramatic, but they make some good points overall.
• “Time to ditch the Facebook login: If customers’ data should be protected, why hand it over to Zuckerberg?” The Register
• “Experts weigh in on Apple’s private sign-in feature” Engadget There’s some healthy debate in here, which I appreciate.
• “Sign In With Apple: Why This Security Feature Matters, And How To Use It” Forbes Also a pretty good overview of Apple’s sign-in service.