Google Sign-in: a reader asks…
I received an email from Google asking me if I got a new iPhone. I didn’t. I did sign up for an account on an iPhone app, and was asked to type in my Google account password. I did that. Did I just get hacked?
I’m going to guess and say probably not, as long as you got the app from the iPhone App Store. What likely happened is that there was a signup option to use your Google account (you may have seen something like “Single Sign-on”) to create that app account. So the app and your Google account were connected and you approved that by giving your Google password.
If you’re not sure and or just want to verify things, click the link in that Google email “Review the devices”, sign into your Google account and check the list of devices and apps that have (usually limited) access to your Google account. If you see anything you don’t recognize or want, you can delete it. Later on if you use an app that was working before and now asks you to re-verify your Google account, you’ll know that’s the one in question.
Often apps will ask for access to your Facebook or Google account to gain access to your list of friends or contacts. Apps that do communication will often need this to help you use their app easier. It’s up to you to decide which is more important, privacy or convenience. I counsel to err on the side of privacy.
By all means you should turn on two-step verification for your Google account. Start here: https://www.google.com/landing/2step/ and follow the on-screen instructions. 2-step verification will send you a text message (or you’ll use the Google Authenticator app) anytime a new device, app, service or computer tries to access your Google account. For reasons why you really want this, check out my article: 2-factor authentication.
I recommend everyone use 2-step verification (aka 2-factor authentication) on every online account or service that offers it. More and more services are adding this to their security features. While not foolproof, it’s a whole lot better than just using a username and password combination to secure your digital life.