Just realized something that took me many years to figure out. Some websites, rather than requiring you to create a new account by giving them an email address and creating a new password, allow you to just logon with your Google or some other site’s credentials. A number of times when I was feeling particularly lazy, I would just do the latter. I knew that picking the easier way out was probably the wrong choice, but other than a vague hacking paranoia, I could not come up with a good reason not to be lazy.
I just realized today that if we are talking about a paid site here, signing on with just your Google credentials makes it difficult to share a paid subscription with a friend. Sharing those credentials with friends gives them access to your Google Drive and Email. You can create a brand new throw-away Google account for sharing I suppose and just share that, but I tend to think that is a bit too personal too.
So unless someone else has a better idea, I would suggest that when you create an account on a website, especially one behind a paywall, don’t use your Google credentials to login. Bite the bullet and create a logon specific to that site with a unique password. I assume that you are using a password manager of some sort.
Finally, yes I acknowledge that sharing accounts and passwords may be capitalistically morally (an oxymoron if I ever heard one) wrong, especially for sites like SubStack or Medium that do a good job of sharing revenue with creators, but I am talking about onsie-twosie sharing with someone that nearly never uses the paid subscription - no revenue lost there.