Password security is something that we should be careful about on an individual level. But with the mish-mash of services accessing each other’s APIs these days, extra authentication layers are of paramount importance. Take Google web apps for example.
A lot of third party services use Google IDs for authentication and the account data between the two gets shared. Google uses OAuth 2.0, the latest standard of the open protocol that allows secure authorization with third party web apps. But now, Google has gone ahead a step further and added OAuth 2.0 support for IMAP/SMTP and XMPP. This brings Gmail and GTalk within the ambit of OAuth2.0 with all its extra security features.
It is good news for both developers of third party clients and users because developers can create more transparent and secure applications, and users get to have tighter control over the data that gets shared with the third party apps. It creates more trust all around. The Google Developers Blog states the direct benefits for users:
When clients use OAuth 2.0, they never ask users for passwords. Users have tighter control over what data clients have access to, and clients never see a user’s password, making it much harder for a password to be stolen. If a user has their laptop stolen, or has any reason to believe that a client has been compromised, they can revoke the client’s access without impacting anything else that has access to their data.
Source: Google Developers Blog
More articles about: