Password overload undermines the security of health information

Research suggests that people generally have far too many passwords to remember. Studies find that there is an average of 130 accounts assigned to a single email address and most of us have ten or more passwords to remember. Password overload is real and for many, the “Log In With Google” or “Log In With Facebook” button looks a lot like a lifeline.

Facebook and Google let you log into other services to save you the trouble of going through yet another laborious account creation and memorizing another password. When you sign in to another service with either Google or Facebook, they tell the other service provider “Yes, we know this person and have confirmed she is who she says she is.” In essence, Google and Facebook are vouching for you. This is not simply a kind gesture.

Beware of Greeks bearing gifts

When someone says “beware of Greeks bearing gifts” they mean that you should not trust enemies or opponents who are being friendly, showing kindness or being generous, as they may have an ulterior motive. Facebook and Google provide this service for a reason – linking two or more sites allows them to collect more data, building an increasingly rounded profile about you. Privacy is not the main concern of a social network; like any for-profit company, its focus is on monetizing its product. The social log-in is another way of adding data ecosystems to the company’s reach.

What are you sharing when you sign in with Facebook or Google?

The data held by social platforms like Facebook and Google are suggestive of your habits and preferences. You already know Facebook’s business model is predicated on selling your data to the highest bidder.

At the very minimum, when you use Facebook to log into another service you share whatever is on your public profile. Google typically hands over your email address or, as mobile becomes increasingly important, your phone number. If you sign into Uber with Google, the company shares your Google Wallet information. Doodle.com, a scheduling site, will access your calendars.

What is My Health Information Co-op’s solution to password overload?

The Co-op’s approach to solving this problem of password overload is to support the development of Self-Sovereign Identity (SSI). Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control of their digital identities. SSI allows people to control their verifiable credentials. In Canada, the Pan-Canadian Trust Framework (PCTF) is attempting to provide the framework needed for a robust, secure, scalable and privacy-enhancing digital identification and authentication ecosystem. The Co-op is supporting the PCTF approach to Single Sign-On and will make SSI available to members as it becomes availabe.