nullpay.
Identity · Intermediate · 20 min

Social Login Audit

The risk

Why this matters

'Sign in with Google/Facebook' gives the identity provider a log of every service you use and when. One account suspension cascades everywhere. Convenience is surveillance.

How to set it up

  1. Audit: check Google (myaccount.google.com/permissions) and Facebook (facebook.com/settings?tab=applications) for connected apps

  2. For each connected app: create a standalone account with email alias + password

  3. Revoke the social login connection after migrating

  4. Going forward: always choose 'Create account with email' over social login

  5. Exception: 'Sign in with Apple' is acceptable — it generates relay email addresses