When you use single-sign-on (SSO), there is an expectation that security is baked in. Therefore, as soon as we see a “log in with Google” or “log in with Facebook/Twitter” button, we pass on our email without a second thought. Social media companies, email marketing firms and app providers further circulate these email addresses all over the Web. However, it is possible to minimize your email’s exposure by gaining visibility of the accounts linked to your email address. The following steps show how to regain control of your email by ceding access to only trustworthy third parties.
1. From the Web Version of Email
Popular email providers such as Gmail, Outlook and Yahoo have built-in access controls to view third-party accounts, add access, and revoke access where not needed. To gain visibility, sign in to your respective emails on a web browser.
a) Google
Once you’re logged in, Google has a linked accounts page where you get central visibility of all third-party sites and apps which have permission to use your Google account. You may not remember providing access to these services, but this page is where you can easily unlink them. Google has another page behind “My Account” called “Apps with access to your account.” This is where you can view all external apps with access to your Google SSO credentials. The access permissions aren’t universal but are granular based on service demand. For example, in the following screen, Microsoft apps and services are allowed access to Gmail, but Zoom has access to only Google Calendar. You can easily remove access to unimportant apps from this menu. Very few trusted apps should be allowed access to reading, composing, sending and permanently deleting Gmail emails. In the following example, the access to Microsoft services has been provided because I use Gmail on Outlook.
b) Outlook/Hotmail
If you’re using Outlook or Hotmail, sign in to a web browser first, then go to “Settings -> View All Outlook settings -> Sync email.” It is there that you can unsync any other accounts from Outlook. To remove any active subscriptions from Outlook, go to the “Subscriptions” menu.
c) Yahoo
Yahoo also has an easy way to remove access from third-party apps. For this, go to the “Settings” icon followed by “More Settings -> Mailboxes.” Click “Add mailbox” to further add any new accounts. You can also remove the accounts here. Yahoo offers a choice of different email providers, such as Google, Outlook, Office365 and AOL. Add any one of them to proceed.
2. From Mail Search Box
Most mail providers have a search box where you can use a predefined search criteria to fish out any accounts and subscriptions connected to your email. This procedure is somewhat manual but allows more extensive identification of third-party apps connected to your email. To do this, first sign in to the respective emails on a web browser.
a) Gmail
Gmail has a prominent advanced search menu. Here you can search for any third-party accounts connected to Gmail in the “subject” field. You can enter search terms such as “welcome,” “Activated,” “subscription” or “renewal.” Adjust the date range as needed. Once the search results come in, you’ll get a top-down listing of all services connected to your Gmail account. To revoke access to any of them, click the unsubscribe button or filter and block them from the Gear icon on the top right.
b) Outlook/Hotmail
Outlook.com has a similar advanced search menu where you can adjust the date range and enter the desired keyword in the subject. Unsubscribing and revoking access for any company is similar to Gmail.
c) Yahoo
Yahoo Mail also has an advanced search box with date range and subject field. The modus operandi of identifying connected accounts and deleting their privileges is very similar to the above.
3. From Third-Party Services
If you used your Gmail, Outlook or any other email to register for a social media account, chances are this email has been circulated a lot more than you realize. You have to individually revoke the access for concerned apps.
a) Facebook
Once you’re logged in in to Facebook on the Web, go to “Settings and Privacy” followed by “Settings.” On the left menu on the side, you can see an option “Apps and websites.” Open it to view the apps using your Facebook account (and in turn your email, possibly). As shown here, Facebook has shared the registered Gmail account with another app called Pinterest.
b) Twitter
Twitter also has a “Settings” area where you get full details of your account security. Go to “Apps and sessions” to proceed. Once logged in properly, click “connected apps.” Below you can see a list of apps which are connected to Twitter. Some, but not all, have access to your email address. Once you go inside the apps, you realize which ones have access to your Twitter (and email) credentials. Revoke the access if needed.
c) LinkedIn
LinkedIn has a feature in its “Settings” called “Partners & Services,” where you can view the third-party providers with access to LinkedIn and, possibly, your email. In the following screen, Microsoft and Twitter are shown.
d) Instagram
On Instagram, go to “Settings” followed by “Apps and websites.” If you’ve added any email as an Instagram user, you can revoke the access now.
An Important Warning
There are certain online services which claim to capture all the accounts connected to your Gmail and other email addresses. I checked out a company called “deseat.me” which required signing in with Gmail/Outlook. But Google immediately blocked this app for me as sensitive Gmail info was at stake. If Google doesn’t trust these third-party services which claim to know everything about your email, neither should you. Thus, if you want to gain connection visibility of your email regardless of whether it’s Gmail or Outlook, it’s best to do it manually using the methods shared in this article. Do not fall prey to any companies that claim to do it on your behalf. Given the huge number of social media sites and apps, it’s impossible to find out how frequently your email address has been shared. Nevertheless you can reclaim control by modifying the settings of Gmail, Outlook, or Yahoo to help with visibility. To further reduce the exposure, revoke access to apps and websites that use your Facebook, Twitter, Instagram, or LinkedIn. We are providing a shortcuts cheatsheet for Twitter.