Each individual accessing the digital world accumulates multiple digital identities, each corresponding to the way in wich he or she chooses to interact with the different services. The number of identities whose sum converges into a single physical identity is constantly increasing, despite the efforts invested in the development and adoption of fiederation schemes that allow delegating authentication and authorization processes to trusted third parties. Some of the explanations behind this behavior are:
- The lack of trust in the owners of the digital services used by users.
- The generation of digital identities offers the possibility of gaining anonymity.
- Definition of containers that allow us to parcel out tdifferent regions of our digital lives (work, friends, family, etc.).
- Technology evaluation.
In practice, if one is not very scrupulous in the way in wich these identities are used, relationships between all of them will appear. In fact, unfortunately, it is a reality that most users repear passwords in more than one service.
This poses a scenario in which, if the user has chosen a password that is deducible, he will be able to check the security of all identities that rely on a login-password scheme. Even if the password the user has chosen is a strong password. If this password is used in a bilateral security system, it can be captured by an attacker. Again, if the user has used the same password in more than one service, the strength of their security measures will be worthless.
