Apr 21, 2011

How does ICPSR handle authentication for access to its data and members-only content?

Users may log in to ICPSR using their Facebook or Google account. They may also use an ICPSR MyData account if they prefer not to use third party authentication.

Benefits of Third Party Authentication

  • Users will not have to remember a separate login/password to access ICPSR data.
  • If users are logged into their Facebook or Google account and then go to ICPSR, they will already be logged into ICPSR.

Privacy Issues

  • Using a single identity to log into multiple websites allows users to establish a reputation on several sites with the same ID. However, that may make it easier for others (marketers, law-enforcers) to track them.
  • Users can choose to share personal information they've stored at the third party provider with ICPSR, in order to save the trouble of re-entering some basic profile information.
  • If a third party account gets hacked, the hackers would also be able to access that user's ICPSR account.
  • Third party authentication providers are able to track every site you use your third party account to log into.

Multiple Logins

A user may log into ICPSR using (for example) Facebook one session, Google another session, and MyData a third session. Doing so would create separate profiles in the ICPSR system if the third party accounts are associated with different email addresses.