Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

What to Know About Logging onto Websites with Facebook or Google

Balance the convenience with the security of your information

spinner image the word login in a square superimposed over a hand on a keyboard
GETTY IMAGES

You’ve found a great, new cooking site you’ve heard a lot about, but to gain access to its recipes, you have to create an account.

For some people, this is no big deal because they use this site and others like it regularly. But if you’re hesitant about creating another username and password and sharing your email address — to prove you’re a living, real person and not an automated “bot” — divulging this information may not be worth a few recipes.

But wait. The site offers you an option to sign in with your Facebook or Google account without having to create a new login. With one click, you can access the site’s content. Facebook or Google can verify your account with the site by sending a security token that essentially confirms, “Yes, this person is who they say they are. Go ahead.”

This process, called open standard for authorization (OAuth) is a way for internet users to grant websites and applications access to their information without sharing their password. Essentially, OAuth opens a back door to a website because you’ve already established two-factor authentication on your Facebook or Google accounts.

Typical of most time-saving approaches, using OAuth to gain entry to websites has its benefits and some drawbacks. We break down what you need to know here and tell you how to remove your account if you already signed up with your Facebook or Google ID.

Safer than you might think

Signing into a site with your Facebook or Google ID is likely safer than creating a new account and trusting that the site takes cybersecurity seriously. The new site will never have access to your Facebook or Google passwords. That information is still between you and those services.

The real benefit of using other password-protected sites like Facebook and Google to gain entry to a new site is having one less password to remember. Unless you use a password manager, which creates unique passwords — often a long, computer-generated combination of numbers, characters and upper and lowercase letters — and encrypts and saves them, you probably don’t want to add another password to your list.

Think of it like this: The website you’re entrusting with your password is likely more vulnerable to a breach or hack than Facebook or Google, which have both invested heavily into security on the back end. Facebook learned this lesson in 2018 when its massive data breach affected about 50 million users.

Websites aren’t the only ones that leverage the OAuth open standard. A lot of apps and gaming sites request sign in with Facebook or Google IDs to save your progress and synchronize among multiple devices. This allows you to start playing a crossword puzzle on a smartphone and finish it on your computer later.

Your personal information is still out there

No matter how convenient, you shouldn’t be too trusting of sites that use single sign-on (SSO), a user identification method that allows you to log in with one ID to several independent sites. Chances are good that the website you just signed into with your Facebook or Google ID now has access to, at a minimum, your Facebook public profile or your email address, which may invite spam.

This means the new site can access your contact and friends list, post to your wall and even monitor the kinds of posts you “like” in your circle of friends. Facebook and Google benefit, too. Everything you likely do at this new website is sent back to either of them.

What they do with that information is called retargeting. This occurs when digital ads magically appear featuring products or services you’ve viewed online.

Facebook and Google regularly track your online behavior, including ads you see and interact with; apps you use; games you play; purchases and transactions you make; and your demographic information such as age, gender, race and where you live. That's why searching Google to find deals on air fryers brings up ads for those trendy kitchen countertop appliances on Facebook afterward. 

You can protect your browsing activity. You can opt out of behavior tracking on Facebook and Google in your privacy settings.

To review your off-Facebook activity:

• Click your profile picture in the top right of Facebook.

• Select Settings & Privacy | Settings.

• Click Privacy in the left menu.

• Select Your Facebook information.

• Click Off-Facebook activity to review.

From here, you can click Recent activity for more information. You'll be asked to re-enter your password.

For Google:

• Go to Google.com and click your photo in the top right.

• Select Manage your Google Account.

• Tap Data & privacy at the top left.

• Select what you want to pause, such as Location HistoryWeb & App Activity or YouTube History.

Some technology companies now prompt users to opt out of having information shared with other entities. Apple’s app tracking transparency permissions feature, now on Apple TV, iPad and iPhone, allows you to choose if an app tracks your activity on other apps and sites. Interestingly, and ironically, Apple will play short ads tied to your location before airing podcasts on its platform.

How to manage and delete your information

If you’ve used Facebook or Google to sign on to a website, the good news is you can look at a list of those sites and select the ones to remove — or all of them — using your computer, smartphone or tablet. You can also install virtual private network (VPN) software to browse anonymously and avoid having to share information altogether. Here’s how:

Facebook

On your computer:

• Log in, then click the downward triangle ▼ in the top right corner.

• Click Settings & privacy | Settings.

• Click Security and login | Apps and Websites in the left side menu.

• Now tap the site, app or game on the list and click View and Edit or Remove.

On an iPhone or iPad:

• Open the Facebook app and tap the hamburger menu icon ☰ in the lower right corner. 

• Select Settings & privacy | Settings.

• Scroll down to the Permissions section, then tap Apps and Websites.

• Tap each site, app or game on the list and click View and Edit or Remove.

spinner image Red AARP membership card displayed at an angle

Join AARP today for $16 per year. Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine. 

On an Android device:

• Open the Facebook app, then tap the hamburger menu icon ☰ at the top right.

• Select Settings & Privacy | Settings.

• Scroll down to Apps and Websites.

• Select Logged in with Facebook.

Google

You can also see any services connected to your Google account. Just like with Facebook, you can remove access by selecting the site or app and then clicking Unlink

If some sites or apps won’t allow you to unlink this way, go directly to them and visit Settings to see how to unlink your Google ID.

• Go to myaccount.google.com/security.

• Under Third-party apps with account access, select Manage third-party access at the bottom.

• Click on an app or service to see what it can access.

• Select Remove Access

You can also take this time to review which sites, apps and services have access to other parts of your Google account, such as your Gmail inbox and calendar.

Google’s opt out by request

The world’s No. 1 search engine is making it easier for users to ensure their information doesn’t appear in online search results. Google rolled out a new policy that allows you to request removal of your personal data, such as your name, email and street address. Before, users had to justify this request with evidence of identity theft or other type of wrongdoing.

Fill out and submit the online form. On the form, click Remove select personally identifiable information (PII) or doxxing content from Google Search | Start removal request button.

You’ll be prompted to answer a series of questions about the kind of personal information you want removed. Examples include personal contact information such as your email address, mailing address and phone number; content that can lead to identity theft, such as bank account and credit card numbers or images of your signature; login IDs and passwords; medical records; and other confidential info.

Google will send an automated email confirmation, review the request and gather more information from you if needed. Google then will send you notification of any action taken on your account information.

In the coming months, Google plans to roll out another tool that automatically removes your information with just a few clicks, without having to submit a request form.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?