Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Breaking Up with “Sign in With Facebook”: a Step-by-Step Guide

It's not you, Facebook, it's me.

Using Facebook to sign in to other accounts isn't optimal. Here's how to sever that relationship.
Log in with Facebook on a 3rd party site.
Logging in with Facebook to a third-party site. (Screenshot: askleo.com)
Question: Okay, I get it. Don’t use Facebook or Google to sign in. But here’s the unanswered question, i.e. how do you recover from this error? If you already did this move at a website as I unfortunately have, how do you undo it? Do you just establish another login and don’t use FB/Google link again? Or is it just too late ‘cuz FB/Google already has your info and just continue using FB/Google sign-in method?

That’s a very good question. I recommend not using Facebook, Google, or other third-part services to sign in to other sites, for both privacy, and security reasons. But, I know many have already done so.

A related question might be figuring out all the places you've done so, as it's easy to do and just as easy to forget.

To begin with, yes, Google/Facebook has your information. But you can disconnect and stop contributing to this form of data collection while improving your overall security at the same time.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Undoing 'Sign in with Facebook'

Both Facebook and Google have pages where you can review the third-party sites, apps, and services you've used to authenticate with them. You can sever the connection. This will not remove data already collected but will prevent further accumulation using this method. For each disconnection, you'll need to set up unique traditional email/password sign-ins.

Find out where

In many cases, it's pretty obvious where you've used "sign in with Facebook" or its Google (or other) equivalent. Each time you go to those services, you're prompted to sign in using them.

However, it's also possible to set it up once because it's quick and convenient, and then forget all about it because you're never asked to sign in again. The sign-in is almost permanent.

Fortunately, it's fairly easy to have Facebook or Google tell you where you've used this technique.1

These links will open a page that lists where your Facebook or Google credentials have been used to sign in to some other service.

Facebook Apps and Websites
Facebook will show you which apps and websites you're signing into with it. Click for larger image. (Screenshot: askleo.com)

In the Facebook example above, you can see that not only current websites are listed, but you'll also see those where the sign-in credentials have expired. My list was quite long.

Remove connections

Review the list of connections. Consider hitting "Remove" for all of them, but on the off chance there is one you want to keep, at least make it a conscious decision. (Sites do exist that have no sign-in function of their own and require you to use a third-party sign-in like Facebook's.)

Interestingly enough, in my case I saw connections for sites where I don't use Facebook to sign in. For one reason or another, I had given Facebook access (often to allow the site to post something to Facebook on my behalf). I removed them all.

Create a new, unique, sign in

This is where it gets dicey.

On each service where you previously used "sign in with Facebook", try to sign in with your email address. Be sure to use the same email address you use for Facebook.

You may need to do a password reset or "I forgot my password" to set a password associated with your email address.

I'm assuming that in most cases your Facebook ID (which is your email address) is also used as your ID for this other service. In other words, you have an account associated with your email address, and you're simply changing how you authenticate.

Here's why it's dicey: the service might not use your email address as an ID. Once you disconnect "sign in with Facebook", the service will have no idea how to identify you. You may need to create a completely new account, this time using email/password authentication rather than Facebook.

You may want to see if you can do this before removing the connection to Facebook, or at least confirm that your account is identified by the same email address.

The big hammer

You might note this option near the bottom of Facebook's "Apps and Websites" page.

Turn off sign-in with Facebook completely.
Turn off sign-in with Facebook completely. Click for larger image. (Screenshot: askleo.com)

Clicking "Turn off" will remove all the existing connections and prevent any new connections from being created. Facebook will, of course, warn you about what it considers dire consequences:

Confirming the sign-in with Facebook turn off.
Confirming the sign-in with Facebook turned off. (Screenshot: askleo.com)

I present this option last because there could be at least one service where you'll need or want to continue to use sign-in with Facebook. Turning that functionality off will disconnect all services completely.

Do this

Review your Facebook (and Google) connections to other websites, apps, and services. You may find there are more than you expect or remember. For each connection, decide whether it's a relationship you're comfortable with or that's required. If not, consider removing it.

Something else to consider: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Footnotes & References

1: Presumably other "sign in with" providers have similar functionality.

7 comments on “Breaking Up with “Sign in With Facebook”: a Step-by-Step Guide”

  1. speaking of FB sign in, what do you think of the option of signing into FB by clicking your profile pic? you won`t have to enter a password if you enable it. it seems to me anyone who knows your email address would be able to sign in with it.

    Reply
  2. I use one of two email addresses I have for sign-in purposes when I create accounts. Which address I use depends on what the account is for. I have always avoided using the sign in with Google/Facebook/etc. options because I don’t want to give any of those services any more information about me than I already have to. When I set up an account, I am usually asked for my email address, and that address is used to confirm that that I have access to the address, and as my user name for the account, and that’s O.K. with me because it doesn’t give Google or MSFT (the providers of my email accounts) any extra information about me. There are two games I like to play, both of which asked me to sign in with Facebook to enable progress recovery in the event I have to re-install the app. I did so for both games, and for that I have no regrets. There has been more than one time I’ve used that capability after reinstalling the game(s)/re-installing Windows, etc. This is yet another case in which my natural caution has served to protect my privacy – again :).

    Ernie (Oldster)

    Reply
  3. That’s odd! I just read an article (won’t mention the source), but I avoid Google/FB like the plaque. They have too many tracking techniques that scare the bee-geebies out of me! Of course, as said, they have your info. It’s the nuclear waste of DATA!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.