A working group of the OpenID Foundation
Passwords are Broken
Because of this hackers don’t have to try to break into obvious targets like bank websites. Instead, they pick smaller websites that don’t have the same level of security as large websites.
Once the hackers break into a website, they copy the emails and passwords. They then use this information to get access to as many websites as possible.
Hackers can use your password to steal from your friends
Hackers have become much more devious. If they can sign into your email or social network accounts using the password they stole, they will use those accounts to send messages to your friends.
These fake messages say things like, “Help! I got mugged while travelling and I can’t get home. Can you wire money to me at this address?” Because your friends are kind, want to help, and don’t know your password has been stolen, they send money to the hackers who then disappear.
Now not only are you at risk because your password was stolen, but your friends are as well.
A better, more secure way: Identity Providers
Fortunately, many websites are adopting a new technique that is both easier to use and more secure.
Instead of websites requiring passwords, they can allow people to sign in with an account that they use on another more secure website called an identity provider.
You may have already visited a website that allowed you to sign in by clicking on the logo of another company or by choosing the picture of an account you have on another website. When you sign into a website this way, the website does not get access to your password. So if the website is compromised, your password is still safe.
Hackers can still try to attack identity providers, but they use advanced security mechanisms similar to online banks. Many of them add a second layer of security if you sign in from a new device or location. For example, they may send confirmation codes to your phone to verify it is really you.
Next time you see a website that asks for passwords, ask yourself if you think they have bank level security. If not, ask them why they don’t offer the option for you to use an identity provider.
Easier for you
Not only is using an identity provider more secure, but it will make your life easier. No more worrying about remembering different usernames and passwords.
You can even choose to share some information from the identity provider with the website so when you sign up for an account, you don’t have to fill in the same information time after time.
Just click on your picture and go.