Are you still using Sign in with Google? Here’s why you should stop

There was a time in the late 2000s and early 2010s when seeing a “Sign in with Google” option on a new website or service was a sign of relief for me. I didn’t need to create a new username and password or fill in unnecessary details all over again about my age or location — I could just log in using my Google account with a click.

I went all-in on that… until I stopped. And for a few years now, I have not used the “Sign in with Google” or “Continue with Google” option on any important website or app when first creating my account. I might opt for the shortcut on minor websites, but not important ones. Here’s why using Google sign-ins is a bad idea and why you should stop doing it.

It’s a bad, bad idea in the year 2026 to trust Google with your entire digital presence. I don’t say this as someone who hates Google, but as someone who has three Google accounts and lives in Chrome, Maps, Photos, Drive, Calendar, and Gmail. I heavily rely on the company’s services, but that also makes me completely aware of the perils of relying on it more than necessary.

If you forget your Google login or lose it because you left it inactive for two years, if you somehow get locked out of your account, if you lose access because of a phishing or hack, or if Google decides to enact its ban policy on your account, you are done. Yes, you lose access to all of your communication and any personal data you haven’t backed up (this is why I combine Drive and Photos with a personal NAS, by the way), but you don’t want to lose access to everything else, too.

That’s the risk with signing in with Google and having a single point of failure for your entire digital life. Each time I’m tempted to click that button to avoid creating a new account, I remember that if my Google access is gone, then so is everything else. My to-do list, ChatGPT or Claude account, travel planning, language learning, food delivery, ride-share, smart home, social presence, and even more crucial apps and services like my electricity provider, phone line, or alarm company should not rely on access to a Google account.

Seriously, check Reddit to see horror stories of people getting their Google accounts closed, banned, or hacked, and read about everything they lost with it. You don’t want to be in that story. You don’t want to gamble all of that access on one massive hack or the whims of an often unrevokable ban policy.

There’s more than just the risk of losing access to your services, though, if you rely on “Sign in with Google.”

One of these risks is due to modern Adversary-in-the-Middle (AiTM) attacks, which can bypass your two-factor authentication (2FA) entirely. Instead of just stealing your password, some hackers use “reverse proxies” to mirror the real Google login screen in real-time, all while relaying back to the actual Google server. When you choose to “Continue with Google” and log in with your account on this fake page, the request gets sent to Google, which asks you to verify with a code or tap “Yes, this is me” on another phone. And that’s exactly how you make yourself vulnerable because the attacker intercepts the session token that Google sent back to your browser. By stealing that pass, the hacker can stay logged into your account on their own device without ever needing your password again, making traditional text-code security largely obsolete against professional phishing kits.

While not everyone will be a target of these attacks, one of the best ways to avoid them is to skip signing in with Google by default, anywhere, by principle. If I’m only manually opening Google.com or Gmail.com (or Google’s own apps) and signing in, the risks are much, much lower than going through a third-party app that asks me to log in via a pop-up.

The other issue with connecting all of your accounts through a single Google login is that you’re creating a very unified digital footprint of your habits and handing it to Google. The company doesn’t just collect your name and email, but also the apps you use, how often you log in, and where — it’s clearly stated in the official 2026 Privacy Policy. Gemini can, thus, piece together a highly specific behavioral model of your life, knowing you use a mental health app on Mondays or only check your exercise goals on the weekend, even if you never explicitly share this info.

Google is clear that it doesn’t use personal data to train its models, but it says that aggregated, “anonymized” logs of your third-party app usage are fair game. Basically, by linking other services to your Google account, you’re giving the company more data to build your personal profile, but also help it analyze user intent and usage trends across the web on a large scale. Personally, I’d rather slow down the AI tsunami as much as possible, so I’d rather give Google as little data as I can from sources it has no business knowing.

Create more accounts. Yes, that is annoying and time-consuming to upkeep, and yes, it means having to use a password manager to stay on top of all your logins, but it’s the right thing to do.

This is what I started doing a few years ago, as I moved all of my “Sign in with Google” logins to standalone usernames and passwords. Some of these use the same Gmail address, some a secondary one, and some use a Proton email address. That divides things and ensures access to my services is not centralized under one umbrella, and gives me a way to recover my accounts or switch email addresses at any point in the future.

There are many excellent password managers out there, like KeePass, Bitwarden, 1Password, Proton Pass, and more. I personally rely on 1Password and choose to pay for the family subscription to keep it running because it’s given me no reason not to trust it over several years now. Other options are free and may require a bit more upkeep. Whatever you pick, though, make sure it supports two-factor authentication, and enable that on any site or app that allows it. You can also consider using Passkeys (through Google or your password manager) as a middle solution between relying on individual passwords and using the universal “Sign in with Google.” I haven’t made that leap yet. I am reticent to give that much power to one gatekeeper.

Just don’t take the lazy road and use your Google account for everything, please.