We stand with Ukraine to help keep people safe. Join us

Tags Data Protection

Is Sign in with Google or Facebook Safe?

The option of signing in to a website through Google or Facebook is becoming increasingly popular with websites. But…does it mean the website will have access to your account? This article will tell you all you need to know about Google or Facebook-facilitated signing-in and just how safe it is. If you’re concerned about your privacy online, download the Clario app to protect yourself from pop-ups, banners, trackers, and more.

Table of contents

What does signing in with Google or Facebook mean?

Picture this: You’re shopping in a new online store or you’ve found a new blog to be obsessed with. You’re happily browsing away when the website asks you to make an account.


You may not really want to make a new account with this website, after all, making a new username and password to try and remember just to buy a coffee maker seems a bit excessive.


Websites that offer Facebook or Google sign-in allow you to skip account creation entirely. You log in with the service of your choice and the website gets your email address. And with it, they receive confirmation that you are indeed a real person and not a bot.

What happens when you continue to sign in with Facebook or Google?

If you return to a website that you used Facebook or Google to sign in to, you can just log in with Facebook or Google again. There are definitely pros and cons to using Google or Facebook sign-in services that you should consider before proceeding.

The benefits of signing in using Facebook or Google

The main benefits of signing in with Facebook and Google are:

  • Convenience
  • Remembering fewer passwords
  • Making fewer accounts.

Signing in with Facebook or Google tends to be a lot more convenient than creating a new account with every website that asks you to. Rather than having a million different passwords to keep track of (or worse, one password that allows access to everything), you just need to remember your Facebook or Google log-in.


Additionally, the host website never sees your password. When signing in, they only receive a token from Facebook or Google, authenticating that you aren’t a bot.

The drawbacks of signing in using Facebook or Google

Sounds pretty good so far, right? Don’t be fooled, there are certainly catches to this service you should keep in mind.


The main drawbacks of signing in with Facebook and Google are:

  • You’re sharing personal data
  • You rely on Google and Facebook’s security
  • You may be granting a lot of permissions to share your information.

The website you are signing in to will likely request access to some data or aspects of your account. At a minimum, Facebook sign-in usually involves giving access to your public account and email address. And Google sign-in will typically give them your email address.  


While these are relatively small amounts of data (you would likely give them your email address for account creation anyway), you need to be cautious when they ask for more.  

Be careful

When signing in with Google or Facebook, a permissions page will appear. If you aren’t careful, you may agree to let the website have more data than you intended, such as your contact list. Some websites will even ask for permission to post on your Facebook wall on your behalf.

While you can always deny these permissions when signing in, you need to be vigilant and keep in mind that if you do so, the website may not allow you to use that method to sign in.


Another drawback is that you end up putting a lot of faith in one service. When you start using Facebook or Google to sign in to sites, you need to make sure that your account is secure.  

Is signing in with Facebook or Google secure?

When used correctly, signing in with Google or Facebook can actually be more secure than the alternative. Here are some tips to be as secure as possible when using a Facebook or Google sign-in:

Use unique passwords

For security, you should be creating unique passwords for every single account you create. If you aren’t using a password manager, chances are that you’re either using the same password for a lot of accounts or your passwords are weak.

Learn more

Not sure how to create a strong password? Read our guide.

That said, this is not all that different from if a hacker accesses your email account anyway. They can always use the email address they have breached to change all your passwords for the accounts that use that address to gain access.  


This is why you should make sure your email address is as secure as can be. Avoid identity theft at all costs.


This means that if the website gets hacked, the hackers will have your password for not only that account, but potentially other accounts you have with the same login details.  


When you use Google or Facebook sign-in, not only do you not have to create a new password for your account, the host website never sees your password. That means if the website in question gets breached, the hackers will not have access to your passwords.

Set up two-factor authentication (2FA)

If your Google or Facebook account gets hacked, they will essentially have access to all the accounts that you used Google or Facebook sign-in to access.


To prevent this, you should use 2FA and multi-factor authentication wherever you can. This means that if one of your passwords gets leaked, your accounts will remain safe.  

You’re relying on Facebook or Google’s security

Small websites, great as they are, don’t have the resources and security of tech giants like Facebook and Google. Furthermore, if you’re using Facebook or Google sign-in, you already have an account with one of these services and are thus entrusting them with your information. There is definitely logic in restricting how many sites have access to your details, and with Facebook or Google sign-in, you can do just that.


Not only do you rely on Facebook and Google’s security, but you also help them fingerprint you more effectively. Browser fingerprinting is a highly invasive tracking technique that big companies like Google use to predict your interests and offer you more customized ads.  


If you are serious about your browsing comfort and the security of your private data, there is a way to protect yourself. Clario, an anti-tracking app, offers:

  • VPN to encrypt your internet connection so no one can ever connect you to your internet activity
  • Ad blocker to stop annoying advertisements from depriving you of the content you want to see
  • Safari and Chrome extensions to keep you away from phishing websites and links, and so much more.

Here’s a quick guide to how you could protect yourself when you sign in with Facebook and Google:

  1. Download Clario and get a subscription to create an account
  2. On your dashboard, toggle the switch on for Browsing protection
  3. On the next screen, tap Turn on
  4. Allow Clario to add VPN Configurations
  5. You can also choose a different server location from an extensive list, as shown below.

In case of hacking, there’s very little lost

When you sign in with Google or Facebook, the host website never sees your password. That means that in the event that it gets hacked, the hackers will only have access to the limited information that you provided the website. They won’t be able to access your Facebook or Google account or try to sell your password on the dark web.

Revoke access if needed

If you decide at any point you don’t want a website to have access to any of your information, you can easily revoke their access through Google or Facebook. In contrast, when you create an account directly, there is no guarantee that you can delete your account, and even if you do, they may still have your data stored.  

Should you sign in with Google or Facebook?

If you do it right, Facebook and Google sign-in can not only be convenient, but more secure. Remember to use a strong password, set up 2FA on all of your accounts, and keep an eye on the permissions you grant.  

Keep reading

Protect your online accounts with Clario’s anti-tracking solution.

Get started