It’s not you, Facebook, it’s me.
That’s a very good question. I recommend not using Facebook, Google, or other third-part services to sign in to other sites, for both privacy, and security reasons. But, I know many have already done so.
A related question might be figuring out all the places you’ve done so, as it’s easy to do and just as easy to forget.
To begin with, yes, Google/Facebook has your information. But you can disconnect and stop contributing to this form of data collection while improving your overall security at the same time.
Become a Patron of Ask Leo! and go ad-free!
Undoing 'Sign in with Facebook'
Both Facebook and Google have pages where you can review the third-party sites, apps, and services you’ve used to authenticate with them. You can sever the connection. This will not remove data already collected but will prevent further accumulation using this method. For each disconnection, you’ll need to set up unique traditional email/password sign-ins.
Find out where
In many cases, it’s pretty obvious where you’ve used “sign in with Facebook” or its Google (or other) equivalent. Each time you go to those services, you’re prompted to sign in using them.
However, it’s also possible to set it up once because it’s quick and convenient, and then forget all about it because you’re never asked to sign in again. The sign-in is almost permanent.
Fortunately, it’s fairly easy to have Facebook or Google tell you where you’ve used this technique.1
- Facebook: https://www.facebook.com/settings?tab=applications&ref=settings
- Google: https://myaccount.google.com/connections
These links will open a page that lists where your Facebook or Google credentials have been used to sign in to some other service.
In the Facebook example above, you can see that not only current websites are listed, but you’ll also see those where the sign-in credentials have expired. My list was quite long.
Review the list of connections. Consider hitting “Remove” for all of them, but on the off chance there is one you want to keep, at least make it a conscious decision. (Sites do exist that have no sign-in function of their own and require you to use a third-party sign-in like Facebook’s.)
Interestingly enough, in my case I saw connections for sites where I don’t use Facebook to sign in. For one reason or another, I had given Facebook access (often to allow the site to post something to Facebook on my behalf). I removed them all.
Create a new, unique, sign in
This is where it gets dicey.
On each service where you previously used “sign in with Facebook”, try to sign in with your email address. Be sure to use the same email address you use for Facebook.
You may need to do a password reset or “I forgot my password” to set a password associated with your email address.
I’m assuming that in most cases your Facebook ID (which is your email address) is also used as your ID for this other service. In other words, you have an account associated with your email address, and you’re simply changing how you authenticate.
Here’s why it’s dicey: the service might not use your email address as an ID. Once you disconnect “sign in with Facebook”, the service will have no idea how to identify you. You may need to create a completely new account, this time using email/password authentication rather than Facebook.
You may want to see if you can do this before removing the connection to Facebook, or at least confirm that your account is identified by the same email address.
The big hammer
You might note this option near the bottom of Facebook’s “Apps and Websites” page.
Clicking “Turn off” will remove all the existing connections and prevent any new connections from being created. Facebook will, of course, warn you about what it considers dire consequences:
I present this option last because there could be at least one service where you’ll need or want to continue to use sign-in with Facebook. Turning that functionality off will disconnect all services completely.
Review your Facebook (and Google) connections to other websites, apps, and services. You may find there are more than you expect or remember. For each connection, decide whether it’s a relationship you’re comfortable with or that’s required. If not, consider removing it.
Something else to consider: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Footnotes & References
1: Presumably other “sign in with” providers have similar functionality.