Now Google’s taking it one step further with something called “hybrid onboarding.” When you receive an email invitation in a Gmail account to join another service, including Plaxo, Facebook and more, instead of being prompted to create yet another username and password, you’re given the option to sign in with your Google account.
On the surface, this seems like it might be less secure—after all, isn’t Google sharing your Gmail username and password in this sign up? Not so, Google says:
At the same time, the hybrid onboarding model improves authentication security because websites like Plaxo that use this technique never see a password from you at all. Since you don’t have to enter your password on additional sites, your password remains closer to you and is less likely to be misused.
However, this creates a single point of failure: if your one account gets hacked, the hackers will have access to your other accounts (though this is often already the case, since most people use the same password for a lot of their accounts).
Google is also taking this capability to your doorstep: the Google Code Blog gives details on how any site can add this authentication protocol.
What do you think? Is this a step forward for password and online security? What sites do you want to see participating?