Amazon launches "Login with Amazon" single sign-on facility

Users who have an Amazon account need no longer register at Zappos With "Login with Amazon", Amazon has joined the ranks of companies offering a single sign-on service to spare users the effort of memorising many different passwords. Like Google, Facebook, Twitter and Microsoft, Amazon now allows its account holders to use their credentials to sign into other services that have activated the Amazon service on their sites.

Amazon's service uses the OAuth 2.0 authentication protocol. Its predecessors at Twitter and elsewhere also support this standard. Amazon has specially commended the security of OAuth 2.0; however, the protocol's developer, Eran Hammer, withdrew from the project in mid-2012, saying that, compared to OAuth 1.0, many compromises had made OAuth 2.0 "more complex, less interoperable, less useful, more incomplete, and most importantly, less secure."

"Login with Amazon" is already available at Amazon companies Zappos and Woot. Implementing Amazon's login facility is designed to save developers time and money – naturally, however, the facility also allows the company to closely tie in its customers. The Mozilla Foundation has presented a different approach: with Mozilla Persona, the foundation is developing an authentication system that is designed to be independent of large, individual companies. The system authenticates users' identity via services such as their email provider.

(sno)