In my opinion, these are the main reasons why users usually don’t follow the guidelines and instead risk their security by using simple passwords that are easy to break.
The pros and cons of federated identity management.
Federated Identity Management is a system which allows users to use the same credentials to sign in to networks of several enterprises and make transactions.
The advantages of using a federated identity management system are:
1. It is possible to use a certain user’s credentials for separate applications.
2. It simplifies administration and access to resources.
3. As trusted partners use a common framework for sharing their information, a federated identity management system removes the need for them to establish separate relationships and procedures with one another to make transactions.
4. It ensures reliable access to applications from multiple locations.
5. There is no need to replicate databases of user credentials for separate applications and systems.
6. It improves security both for digital resources and for users’ personal information.
7. It ensures better performance of logging and audit functions.
8. Costs usually incurred for password resets are reduced.
Despite the pros of federated identity, the system also has the following downsides:
1. It is vitally important that the user trusts the federated management system, its individual components and its connections. If the user loses trust in one part of the system, all other parts are compromised as well.
2. It may be expensive to modify existing applications to implement the system.
3. The risks associated with unauthorized access are fairly high. There is always a possibility of identity theft, as it is easy to capture user ID or password credentials.
4. There are business issues, which may include an agreement on revenue sharing or some details related to organizational matters.
5. Liability problems should also be mentioned, as there are currently no strict formulas for assigning risk.