We’re all used to seeing “Log in with Facebook” or “Log in with Google” at sites around the internet — or less frequently, an offer to log in with Twitter, LinkedIn or Pinterest. It’s a common option at news sites, music streaming services and tens of thousands of other online retailers, apps and games.

Logging in with a main account whose credentials you easily remember saves you the trouble of going through yet another laborious account creation and memorizing dozens of passwords. It allows you to easily post about something you’ve just read or bought.

But what exactly are you signing up for?

Reasons Facebook Login is used

The biggest reason to rely on the Facebook Login option is the least flattering: you’re terrible at passwords. Not letting Facebook handle this authentication — what’s called a “social login” — often leads people to choose a simple password or reuse a password.

Either choice weakens your account at the site you could have logged into via Facebook. Password reuse also risks every other account with the same password — it only takes one data breach to leave them all open.

Assuming you set a reasonably strong password for your Facebook account and protect it with multi-factor authentication, Facebook Login effectively ends a security worry. The third-party site never sees your Facebook password; instead, the social network sends it a temporary token confirming that it’s you.

Requesting your data

Logging in to a website using a service such as Facebook or Google allows the website to make a request for data about you. Facebook and LinkedIn have quite a lot of data available for request: your birthday, friends list, email address, employment, colleges attended, photos and information that your friends have posted about you (for example, tagged photos).

The exact data that the website is requesting pops up in a window asking for permission. Saying yes to that request adds one more tiny bridge between the virtual worlds of your online self.

This seemingly small agreement can carry larger repercussions. Linking two or more sites allows companies to collect more data, building an increasingly rounded profile about you. Allowing one account to have access to others means that if the least secure account is hacked, the rest could also be compromised.

Social networks don’t inherently have value as a trusted source of identity. Privacy is not the main concern of a social network; like any for-profit company, its focus is on monetizing its product. The data held by social platforms and service providers like Google covers your habits and preferences.

Adjust Facebook App permissions

In response to privacy concerns, Facebook does allow you to log in to third-party apps without having to give permission to share personal details like your name, email, birthday and so forth. Make sure you suspend the connection for apps you’re no longer using. You can do that in Facebook Settings: once logged into Facebook, click on the down arrow next to the question mark in the upper right and select Settings. Once there, click on Apps and Websites. On that page you can click on any connected app to see the information the app has access to, change those access privileges, or completely remove the app.

Security matters

Signing into several sites with one login can leave all of those accounts as vulnerable as the one with the lowest security. So-called daisy-chained accounts can also make identity theft easier for would-be scammers.

If a trusted source of your identity is less secure — whether that’s Facebook, Google or another account — it risks becoming the weak link in the chain that gets targeted by attackers.

There’s also the possibility that less meticulous sites may do something else with your data than what you agreed to — for example, selling it to a third or fourth company that you do not want to hold any aspect of your online identity. Before you sign into a site with your existing social account, make sure you trust the third-party site.

The rules of logging in

People use Facebook and Google login because it’s easier than creating a new account. The benefits of sailing smoothly past logins and account registrations often mean trading away some data privacy.

  • Be aware that if you choose to log in with a social account, your data will be shared between the social network and the third-party app. Stay updated on your social networks’ privacy policies, and use the social login accordingly at sites you feel comfortable sharing data with.

  • Don’t use your main account to log in to a site whose security you don’t trust.

  • Don’t link a social profile to sensitive info like your Social Security number or financial details. In these cases, a separate account and password is your safest bet.

The alternative

Converting a site from a Facebook login to a different authentication method — like the standard combination of e-mail address plus password — may get complicated. For instance, at Spotify you’ll have to contact support to get playlists created under a Facebook login moved to a new account.

The best choice is to use a password manager. The browser and mobile apps save your passwords in an encrypted stash so they can fill them in automatically. They can also scan your existing passwords for weak ones and generate strong replacements for them. And they work at sites that don’t allow any social login.
