AARP Hearing Center
You’ve found a great, new cooking site you’ve heard a lot about, but to gain access to its recipes, you have to create an account.
For some people, this is no big deal because they use this site and others like it regularly. But if you’re hesitant about creating another username and password and sharing your email address — to prove you’re a living, real person and not an automated “bot” — divulging this information may not be worth a few recipes.
But wait. The site offers you an option to sign in with your Facebook or Google account without having to create a new login. With one click, you can access the site’s content. Facebook or Google can verify your account with the site by sending a security token that essentially confirms, “Yes, this person is who they say they are. Go ahead.”
This process, called open standard for authorization (OAuth) is a way for internet users to grant websites and applications access to their information without sharing their password. Essentially, OAuth opens a back door to a website because you’ve already established two-factor authentication on your Facebook or Google accounts.
Typical of most time-saving approaches, using OAuth to gain entry to websites has its benefits and some drawbacks. We break down what you need to know here and tell you how to remove your account if you already signed up with your Facebook or Google ID.
Safer than you might think
Signing into a site with your Facebook or Google ID is likely safer than creating a new account and trusting that the site takes cybersecurity seriously. The new site will never have access to your Facebook or Google passwords. That information is still between you and those services.
The real benefit of using other password-protected sites like Facebook and Google to gain entry to a new site is having one less password to remember. Unless you use a password manager, which creates unique passwords — often a long, computer-generated combination of numbers, characters and upper and lowercase letters — and encrypts and saves them, you probably don’t want to add another password to your list.
Think of it like this: The website you’re entrusting with your password is likely more vulnerable to a breach or hack than Facebook or Google, which have both invested heavily into security on the back end. Facebook learned this lesson in 2018 when its massive data breach affected about 50 million users.
Websites aren’t the only ones that leverage the OAuth open standard. A lot of apps and gaming sites request sign in with Facebook or Google IDs to save your progress and synchronize among multiple devices. This allows you to start playing a crossword puzzle on a smartphone and finish it on your computer later.
Your personal information is still out there
No matter how convenient, you shouldn’t be too trusting of sites that use single sign-on (SSO), a user identification method that allows you to log in with one ID to several independent sites. Chances are good that the website you just signed into with your Facebook or Google ID now has access to, at a minimum, your Facebook public profile or your email address, which may invite spam.
This means the new site can access your contact and friends list, post to your wall and even monitor the kinds of posts you “like” in your circle of friends. Facebook and Google benefit, too. Everything you likely do at this new website is sent back to either of them.
What they do with that information is called retargeting. This occurs when digital ads magically appear featuring products or services you’ve viewed online.
Facebook and Google regularly track your online behavior, including ads you see and interact with; apps you use; games you play; purchases and transactions you make; and your demographic information such as age, gender, race and where you live. That's why searching Google to find deals on air fryers brings up ads for those trendy kitchen countertop appliances on Facebook afterward.
You can protect your browsing activity. You can opt out of behavior tracking on Facebook and Google in your privacy settings.
To review your off-Facebook activity:
• Click your profile picture in the top right of Facebook.
• Select Settings & Privacy | Settings.
• Click Privacy in the left menu.
• Select Your Facebook information.