Amazon has introduced a Login with Amazon service, joining a growing effort to reduce the number of online log-ins and passwords that we hold in our heads (and attach to our monitors with sticky notes). It’s also a nice little branding shout-out to Amazon’s 200 million-plus active users.
Login with Amazon is available to Websites and developers as a way for users to sign in or buy goods, using their Amazon credentials instead of registering and creating a new set. Similarly, many sites now offer the option of signing in via one’s Gmail or Facebook account.
Amazon and Gmail passwords are often more front-of-mind than lesser-used ones, and so are quicker and less annoying to use. Amazon calls this a reduction in “sign-in friction” that leads to better engagement and purchase follow-through.
Zappos and Woot have been early adopters of the service, and Amazon says they’re having great luck with it.
Woot, a discount site for lifestyle items (or in the words of Woot, “an ever-evolving deal maelstrom churning around a tornado circling a mystery”), says new customers choose to log in with Amazon two times more often than with other social log-in options. Zappos, a seller of shoes and more, says 40 percent of its new customers chose to use the Amazon log-in.
Login with Amazon, which is free for developers and Websites to use, is built on a popular open protocol and offers tools that enable developers to build, monetize and market their apps and games. According to Amazon, it’s possible to go from registration to launch “in a matter of hours.”
Single Password Initiatives
The growing number of online passwords, and cyber-security incidents, has led to a White House-backed initiative to test whether consumers might trust a single, highly secure password combination for all of their accounts across the Internet.
In December 2012, the National Strategy for Trusted Identities in Cyberspace awarded a federal grant to Verizon, Criterion Systems and several partner companies to run a two-year study on the feasibility of a single-password system.
The study’s “trust elevation” tactics include a user name, password and additional piece of information that only the user would have—a fingerprint or other piece of biometric information, or maybe a code sent to his or her cell phone (a practice Facebook, among other companies, now uses to occasionally verify users are who they say).
Criterion Systems co-founder David Coxe explained to eWEEK, following the announcement, that passwords tend to be combinations of family names and numbers.
“What hackers do is go into the weak sites, break in and then go figure out the sites that really matter to you [like your online bank account],” said Coxe.
The Verizon Universal Identity Services, as the project is known, has been tasked to meet Level 3 authentication requirements, as dictated by the Federal Office of Management and Budget, which means high confidence in the validity of the log-in, versus Level 4’s “very high confidence.”
During the first quarter of this year, four pilot programs were launched—with a financial services firm, eBay, the Department of Homeland Security and General Electric—and next year another four, in different markets, will follow.
“We’ve been [protecting identities] for a long time and we’re pretty good at it,” said Peter Graham, with Verizon’s Enterprise Solutions team. “We believe there’s an opportunity to bring a higher level of security to the industry as a whole.”