Logging in using your Google, Facebook, and Apple accounts is safer than you think
No one likes a peeper.
This post has been updated. It was originally published on October 27, 2020.
If something inside you screams in frustration every time a site asks you to create an account, you’ve probably shut it up by using your Google, Facebook, or Apple account instead. It’s an easy solution—so easy, in fact, that we can forget just how many random accounts are linked to our major ones.
These big platforms allow you to check what apps and sites are connected to them, and from the comfort of their settings menus, you can decide to keep them or revoke access with a single click.
As a healthy security habit, you should often take the time to ensure there are no sketchy sites accessing your information. Or even platforms you were excited about a couple of months ago and are now the latest name on the dead services list—RIP Quibi.
Should you even be using your Google, Facebook, or Apple accounts to log in?
Using your big-name accounts (which you’re probably already logged into on your browser) is convenient as you won’t have to remember another username or have to worry about the security strategy of every site you use.
When a site lets you sign up with one of these accounts, it’s applying a protocol called Open Standard Authorization (or “OAuth” for short), in which your Google, Facebook, or Apple account vouches for you and tells the site that yes, you’re the real person you claim to be, and not an identity-usurping bot. This is the online equivalent of having a stylish friend tell the bouncer at the club that you’re cool.
The site never gets a password, only the user name for the platform you’re using—your Gmail address, your @facebook email, or your Apple ID—and a “nod” of authentication. This is what makes it a safe method, and if there’s a data breach, you won’t have to run around in circles trying to remember how many other sites you used that same password on (please, don’t do that).
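A sketch of the “nod” described above, added here as an illustration and not code from any of these platforms: a toy provider signs a short-lived statement, and the site verifies it before keeping only an identifier and email address. The issuer URL, client ID, secret, and function names are assumptions, and HMAC with a shared secret stands in for the public-key signatures large providers use.

```python
import base64
import hashlib
import hmac
import json

ISSUER = "https://idp.example"              # hypothetical provider
CLIENT_ID = "news-site"                     # hypothetical site registered with it
CLIENT_SECRET = b"constructed-demo-secret"  # constructed value, issued at registration

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> str:
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def provider_issue(sub, email, now, aud=CLIENT_ID, key=CLIENT_SECRET):
    """Provider side: runs only after the user has signed in at the provider."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": aud, "sub": sub, "email": email, "exp": now + 300}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body, key)}"

def site_accept(token, now):
    """Site side: check the provider's signed statement, then keep an identifier."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise ValueError("unexpected algorithm")
        if not hmac.compare_digest(sig, sign(header + "." + body, CLIENT_SECRET)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"rejected: {exc}") from None
    # A valid signature is not enough: the statement must be from the expected
    # provider, addressed to this site, and still fresh.
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise PermissionError("rejected: wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise PermissionError("rejected: expired")
    # The site's account record: no password was received, so none is stored.
    return {"provider_id": claims["sub"], "email": claims["email"]}
```

A statement issued for a different site, altered in transit, or presented after it expires is refused, so a leaked copy is of little use elsewhere.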
Extra security features available on most major platforms are also helpful. That two-factor authentication or text message prompt you use to protect your email account will also cover whatever site or service you’re signing up for with it.
Revoke access to apps from your Google account
On Google, start by going into your account settings. If you’re already logged on, you can go directly to myaccount.google.com, or click on your avatar on any Google service, and go to Manage your Google Account. On your Android phone, go to Settings, Google, and then Manage your Google Account. On iOS, just open the Google app and tap on your avatar.
Once you’re there, choose Security and then Third-party apps with account access.
Of the two lists you’ll see there, the first has the apps you’ve shared data with, like your basic profile information (photo and email address), contacts, or calendar. The second shows the apps you’ve logged into using your Google account. Click on the name of an app to get basic information, like when you first logged in, what kind of data it has access to, and what it actually does with it.
If you’re comfortable with what you see in there, you can click on the app’s name again to close it and move to the next one. But if you find something you can’t identify, no longer use, or that has too much access to your data, you can click on Remove Access to unlink it from your Google account.
Revoke access to apps from your Facebook account
To see what apps you’ve used your Facebook account to log into, go to Settings and Privacy by clicking the downward arrow all the way to the right of the top navigation bar. Then, go to Settings and on the panel on the left, click on Apps and Websites.
There you’ll see all the apps with third-party access to your Facebook data, sorted into three categories: active, expired, and revoked. The first and last ones are sort of self-explanatory—active apps and sites currently have access to your data, while revoked ones used to be able to access your data but can’t anymore.
Facebook has an extra layer of security, and under Expired you’ll find the apps and sites the platform unilaterally revoked access to after you didn’t use them for 90 days. This is particularly useful since it reduces the chance that some random site you signed up for five years ago to learn your celebrity look-alike will be snooping on your data without you knowing about it. Depending on the app, though, it may still be able to see basic information such as your profile and cover photo—even when the permission has expired.
Click on the View and Edit button beside the name of an app to see details, like what kind of data the platform can access, any expired permissions, and who among your friends can see you’re using it. Click on the Remove button at the top of the screen to cut the app’s access to all of your data, or click Remove beside each piece of information on the list to revoke access to it.
Revoke access to apps from your Apple account
If you’re looking to manage your Apple account logins, the path you take will depend on what device you’re using to access your Apple account. On the web, sign in to your Apple ID account, go to Security, Manage apps & websites, and Manage. If you’re on your Mac, go to System Preferences, click on Apple ID, and then go to Password & Security. On any other Apple device, go to the Settings app, tap on your name, then go to Password & Security, and finally tap on Apps Using Your Apple ID.
You’ll then be able to see a list of the apps you’ve signed up for using your Apple ID. Click or tap on their names to get more details, like the specific email address the app associates with you. If you want to revoke access, scroll down and choose Stop using Apple ID, and then confirm.
What you should keep in mind
It’s a good idea to make a healthy habit of reviewing these lists at least once a month. Check what you’re comfortable with, and if something looks sketchy, don’t think twice before removing access to your information.
You should also remember that revoking access to an app doesn’t mean deleting whatever it already knows about you—only that it’s no longer collecting any new data. The platform might still have a copy of what it was able to access while it had your permission. This is not particularly bad, but it’s an example of why it’s important to have a clear view of who you’re sharing your data with at all times.
And if your Google, Facebook, or Apple account is the way you access most of your stuff, make sure to properly protect your major accounts: never reuse credentials (or use a password manager), and please, please, enable two-factor authentication.