13 December, 2013

Who or what has access to your Google account and how to revoke that access

Like Facebook, one of the conveniences that Google offers is that it allows you to use your Google account in order to login to different websites. In IT circles this is known as a SSO (Single Sign On) functionality. It's another way of saying, that you don't need to create an account for every single site on the internet. Instead you create one with a well know and (hopefully) trusted provider and use that everywhere. One of the ideas behind this is that you can now have one fairly strong password, which would further secure your online identity. On any site that supports this, you will then have an option to create a local account, or to use your Google login instead.



I can just hear you asking now: "But wait. Doesn't that mean that all those sites will now know my Google login credentials?"
Thankfully, the answer to that is: "No, they won't." :-)

The way how this works (in fairly simplified form) is that other sites have decided to trust Google (or Facebook) to provide the authentication services instead of them. When you come to a www.tripit.com or www.linkedin.com and use your Google login, these sites will essentially ask Google if it can verify that you are, who you say you are. Google will say "yes" and with that the site will let you in. Your password will not be seen by these sites.
That's the good part of the story.

What about the bad?

There are actually a few, potentially, bad sides. And you have to weigh each one on its own to see if convenience outweighs the risks, as far as you are concerned.


  • Google knows (sinister music)
Since your Google account to login to the other sites, Google will know which sites you're visiting. So if you're keen on protecting where on the net you go, this may be an issue for you.
  • Sites know (sinister music)
Depending on the site, there may be a substantial level of information that they will get from Google about you, when you use Google authentication. On the upside, the site where you're logging in with your Google account will always let you know what level of information they want from you, before you allow them to actually access that information. Major problem here is that, often, there is no way of reducing requested privilege level and still be able to use Google login with that particular site.
Here is a bit of information, regarding the access levels and what they mean.
  • You forget that others know (no music)

In my opinion one of the hidden risks with this is that it's maybe too convenient. Lots of sites today use this capability. In some cases you may want to try out a particular site or a service that they offer and you then forget you did so. However the site in question still retains visibility in your personal data.

For the first two things there is no tool. You have to use your head. Unfortunately :-)
For the last thing, however, there is a nice page on google.com, that allows you to check all the sites and services that are at this time allowed to access some or most of your information. It also allows you to easily revoke access to any and all such linked sites and services.
Ha, actually, just as I was re-checking the facts about this functionality, I came across an updated and nicer version of the page, which serves the same function. :-)

I'm willing to bet that most of you, will be slightly amazed, when you see all the connected sites and services, when you visit these pages for the first time.

Have a nice Friday the 13th and enjoy,
Vlayke

05 December, 2013

Gmail - One account, infiinite adresses

So, you've got a Gmail account? Are you registering for a technical newsletter here, shaving forum there, loyalty service in another location? On top of that there are lots of websites or services, like free wireless at in cities or at the airports, that would like to have your email address.


Lots of these services require you to confirm that you can actually be reached through an email address that you provide, before you can use them. As a result quite a few people have taken to create a separate email account just for these registration purposes. It's one of the ways to combat the amount of emails that you get in your inbox and minimize the risk of appearing on someone's spam list.
Problem with this approach is that now you have TWO accounts that you have to use and check. At least when you need to check for confirmation emails or maybe when you need to recover passwords that you forget.

Well, with Gmail, there is a way to have a single account but at the same time have virtually unlimited amount of email addresses associated with it. Actually there are two such ways :-D

D.ot.s a.re (semi)imp.ort.ant

If you're like me, then you created your Gmail account in firstname.lastname@gmail.com format. Some people do it in firstnamelastname@gmail.com format. Or you use whatever other type of account name you like. Doesn't really matter. What matters is that Google will deliver emails to your account even if punctuation is different than what you specified as your username. So, if your default email address is firstname.lastname@gmail.com then also emails to firstnamelastname@gmail.com will reach you. As well as f.irstnamelastname@gmail.com or firs.tnam.elast.name@gmail.com or firstnamelastnam.e@gmail.com or any other combination in between.
Neat, eh? :-)

Gmail+?

You probably know that Google is doing its best to compete with Facebook, with Google+ service, for the status of social network king. If it will succeed or not remains to be seen. But it seems (may be a coincindence) that a bit of that "plussiness" has spilled over to Gmail.
It seems like that, because another way to generate additional email addresses is to add + sign at the end of your username and follow it with a string of characters. For instance firstname.lastname+shawingforums@gmail.com Or firstname.lastname+technewsletters@gmail.com
Of course you could combine this with the first technique but that would likely complicate things a bit.

How does this help me?

Well, one of the things that you can fairly effectively do in Gmail is  creating filters for your incoming emails. The thing is that if you wanted to create a filter for every loyalty program, forum or newsletter, and you weren't using either of the above tricks, then you had to create a lot of individual filters that were based on sender addresses. And additional problem was that, relatively often, sender addresses change. Which means that it can happen that one of your filters stops working all of a sudden and you may have a hard time figuring out why.
With firstname.lastname+loyaltyprogram@gmail.com you just need to create a filter that will rely on your receiving email. And it can be one filter for all loyalty programs for which you registered with that particular address. If sender address changes at any time in the future or if your registration email is provided to some third-party company, then all the extra correspondence will be automatically treated with the same loyalty filter and will not clutter your inbox. Plus (hehe) you will have a better overview in regards with how your email information circulates around the internet.

What this nifty feature will not do?

Email addresses (more properly called aliases, for those of you that are detail nazis) generated like this are for receiving emails only. You will not be able to use them for outgoing emails. Any mail that you send will still be sent under your original username@gmail.com
Also, the login name (what you type in combination with your password when you login to Google services) can only be your original username, that you picked when you subscribed for a Google account.

Enjoy,
Vlayke