This 1 Privacy Mistake Leaves All Your Accounts Exposed (Do This Now)
A guide to optimal account hygiene
A few weeks ago, someone in my audience reached out with a question:
“Hey, I’ve been using ‘Sign in with Google’ for a bunch of apps—Spotify, Medium, and some other random tools. But now I’m thinking about ditching Gmail. What happens to all those accounts? And is there a way to undo it safely?”
At first I was glad to see they were contemplating ditching Gmail.
Smart choice.
But there was one glaring part of that question that made me pause.
It’s the first part, about using “Sign in with Google”. They had no idea that this is on the top 10 list of biggest mistakes in my opinion.
Because here’s what most people don’t think about:
If you’re still using Google, Facebook, or Apple to log into apps, you’ve effectively built a single point of failure.
I mean I get why people use it.
It’s fast. No passwords to remember. One click and you’re in.
But that convenience? It comes at the cost of long-term control.
If that account ever gets suspended, hacked, or shut down?
You could lose everything connected to it.
If you’ve ever wondered whether this is a problem, or what would happen if you tried to pull the plug—this post is for you.
Today I’m going to show you my thought process here and how to go about this “the right way”.
The Trap You Didn’t Know You Stepped Into
“Sign in with Google” looks harmless.
Fewer passwords. Faster access. No account to set up.
But under the hood, it’s one of the most overlooked privacy trade-offs you can make.
Every time you click that button, you hand the app a set of keys:
Your name and email
Profile photo
Device and browser data
And in many cases, a permanent connection to your account
You don’t get to pick how long that door stays open.
It stays open until you remember to close it.
And let’s be real: most people never do.
These apps don’t just check your identity once.
They hang on to that access, year after year, across devices, often with permissions you don’t even remember granting.
Lose access to your Google account?
You’re locked out of everything tied to it. No reset. No recovery. No workaround.
That’s not a glitch in the system.
That is the system.
If you’ve used SSO logins more than once or twice, now’s the time to start reversing course—before the whole stack collapses on you.
What’s Actually Happening When You Click “Sign in with Google”
When you click that button, here’s what’s really going on:
Google authenticates you on behalf of the third-party app.
That app then gets access to whatever data Google decides to pass along—your name, email, profile photo, sometimes even location or calendar data.
It also gets an auth token—a sort of digital backstage pass that can be reused to log you in again and again, without your involvement.
That token?
It doesn’t expire when you stop using the app.
It doesn’t get revoked when you delete the app from your phone.
And unless you manually revoke access through your Google account settings, that token stays live.
So while you’re thinking, “I logged in once, no big deal…”
that app still sees you.
And if that app gets sold, hacked, or quietly shifts business models (which happens constantly)?
That access gets passed along with everything else.
Same thing goes for Facebook login and Apple login—although Apple at least gives you the option to mask your email (and actually limits what gets shared, most of the time).
But Google and Facebook?
We all know they are in the business of collecting data, but they’re also in the business of connecting data. This is how they built the empire.
So every time you use SSO, you’re not just making life easier.
You’re wiring more of your online identity into a single, centralized point of failure and hoping cyber criminals don’t take notice.
How to Fix It: Your 5-Step Exit Strategy
This won’t take you hours.
You’re not rebuilding everything, but taking these steps will be crucial to decentralizing your exposure.
Here’s how to get out of the “Sign in with Google” trap (safely):
1. Check What’s Connected to Your Google, Facebook, or Apple Account
Start by looking under the hood.
Google:
Go to myaccount.google.com/permissions
Facebook:
Go to Settings > Apps and Websites
Apple:
Go to Settings > Apple ID > Password & Security > Apps Using Apple ID
You’ll see a list of apps and sites that still have access, even if you haven’t used them in years.
2. Make a List of Accounts That Rely on SSO
Open each of those apps and take note:
Do you have a way to log in directly with an email and password?
If not, it’s time to create one.
Start a short list. This is your SSO migration list.
3. Set Direct Login Credentials for Each One
For each app on your list:
Go to the account or profile settings
Add an email + password login (you may need to reset your password via the app’s website)
Use a secure, unique password—this is where your password manager comes in
I use ProtonMail and ProtonPass for email and password storage—simple, encrypted, and zero tracking.
If you're looking for a full list of my recommended privacy-focused platforms, here are my recommendations.
4. Enable 2FA and Add Backup Options
Once direct login is set:
Turn on two-factor authentication
Add a backup email and/or phone number that isn’t tied to your Google or Facebook account
This ensures you can still access your account if you lose access to your primary email provider later on.
5. Revoke SSO Access from the Original Provider
Once you’ve confirmed you can log in without Google/Facebook/Apple, go back to your account settings and revoke access from the provider’s dashboard.
You don’t want old tokens hanging around for someone else to exploit.
Don’t forget this step; it’s probably the most important.
You don’t have to do this all at once.
Start with the apps that contain the most high-value information and chip away from there.
Every account you reclaim is one less weak point in your system.
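The five steps above as a small tracker, added here as an example and not part of the original post: it ranks your SSO migration list by exposure and returns the one step that is safe to do next for each app, so nothing gets revoked before a direct login exists. The scope strings are real Google OAuth scopes; the weights, the field names and the inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Real Google OAuth scope strings; the weights are this example's own assumption.
SCOPE_WEIGHT = {
    "openid": 0,
    "email": 1,
    "profile": 1,
    "https://www.googleapis.com/auth/calendar.readonly": 3,
    "https://www.googleapis.com/auth/drive": 5,
}

@dataclass
class LinkedApp:
    name: str
    scopes: tuple
    high_value: bool = False      # your own judgement: payment data, documents, etc.
    direct_login: bool = False    # step 3 done and tested in a fresh browser session
    mfa: bool = False             # step 4
    backup_contact: bool = False  # step 4, not tied to the SSO provider
    revoked: bool = False         # step 5

def exposure(app):
    # Unlisted scopes count as 2 so that an unknown grant is never scored as harmless.
    return sum(SCOPE_WEIGHT.get(s, 2) for s in app.scopes) + (4 if app.high_value else 0)

def next_step(app):
    if not app.direct_login:
        if app.revoked:
            return "recover: SSO revoked with no direct login"
        return "step 3: add email + password login"
    if not (app.mfa and app.backup_contact):
        return "step 4: enable 2FA and add a backup contact"
    if not app.revoked:
        return "step 5: revoke access at the provider"
    return "done"

def plan(apps):
    """Highest exposure first, each app paired with the one step that is safe to do next."""
    ranked = sorted(apps, key=exposure, reverse=True)
    return [(a.name, exposure(a), next_step(a)) for a in ranked]

# Constructed inventory, as copied by hand from the provider's connected-apps page.
INVENTORY = [
    LinkedApp("Medium", ("openid", "email", "profile"), direct_login=True, mfa=True, backup_contact=True),
    LinkedApp("Spotify", ("openid", "email", "profile"), high_value=True),
    LinkedApp("calendar-tool (hypothetical)", ("email", "https://www.googleapis.com/auth/calendar.readonly"), direct_login=True),
]

if __name__ == "__main__":
    for name, score, step in plan(INVENTORY):
        print(f"{score:>2}  {name:<30} {step}")
```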
What Happens If You Don’t?
Let’s say you ignore all of this.
You keep using "Sign in with Google" because it’s easy. It works. You haven’t had a problem—yet.
That’s exactly how most people get burned.
In 2023, attackers breached Okta’s systems. If you’ve never heard of them, Okta is the backbone for identity and Single Sign-On at huge companies—think banks, health systems, government contractors. The works.
The hackers didn’t need passwords. They didn’t need to break into accounts one by one.
They got in by stealing support session tokens—the same kind of access keys that power SSO logins.
Once they had those tokens, they could impersonate users, bypass logins, and walk straight into sensitive customer data. All because the system trusted those tokens blindly.
And this wasn’t a fluke.
It was the exact weakness that makes SSO so risky: if one token gets stolen, everything it’s connected to is now up for grabs.
Now picture that happening to your Google account.
Every app, every service, every login you linked to that SSO button—compromised. No warning. No way back in.
If you’ve built your digital life around one login, you’re betting everything on it never being compromised, sold, suspended, or hijacked.
That’s not a risk worth living with in my opinion.
Cut One Leak—Now Stop the Rest
By fixing your SSO setup, you just closed one of the biggest privacy holes most people never notice.
But here’s the thing:
Even if you ditch Google logins, change your passwords, and start fresh…
your data is still out there.
Your name, email, phone number, home address, relatives, property records, even photos of your front door—scraped and sold by data brokers you’ve probably never heard of.
They don’t ask permission.
They don’t care if you opt out.
And they don’t stop unless you make them.
That’s why I built the Opting Out of Data Brokers Guide.
It’s a step-by-step walkthrough that shows you:
Which brokers are the worst offenders
How to remove yourself without paying for shady services
The exact scripts, links, and tools to cut your info from their databases
And how to keep it from coming back
No guesswork. No legal jargon. Just the system I use to keep myself, my clients (and my family) off their radar.
You took the first step by cutting off access.
Now make sure no one else is selling what you already gave away.
Let’s Talk About It
How many accounts are still tied to your Google or Facebook login?
What’s your plan if that account ever gets locked, suspended, or wiped out?
Or maybe you've already tried switching—but ran into walls you didn’t expect.
Drop your experience in the comments. The more we share, the stronger this community gets.
And if this post made you rethink even one part of how you log in—
restack it.
Someone in your circle is one click away from a very bad day.
Jason, thanks for providing this valuable info free on Substack, I could NEVER keep up with all the info I have gained from this site...am low on the income scale, and if I were to subscribe to all those that have been a positive in my life from this site I would be broke...and now I feel a bit more confident in basic safety on my cell and laptop... thank you very much.
What does SSO stand for? When you use acronyms like this, you should explain what they are.