Multiple passwords

Church Account is the primary user account (user name and password) for accessing online Church resources. Church Account was formerly known as LDS Account. This forum is a space to discuss all things related to Church Accounts (registration, account recovery, user experience, vulnerabilities, etc.).
eblood66
Senior Member
Posts: 3907
Joined: Mon Sep 24, 2007 9:17 am
Location: Cumming, GA, USA

Re: Multiple passwords

#11

Post by eblood66 »

The church uses what is called Single Sign On (or SSO). This is where a single account (with a single username and password) is used to access multiple web sites or services (like churchofjesuschrist.org, lcr, the temple portal, etc.). It is true that SSO introduces some additional security risk because if someone discovers your username and password then they have access to all sites and services it provides access to.

On the other hand, for an entity like the church, having a separate sign on for each site also introduces risk. Each separate implementation of the login procedure adds the possibility of bugs which might allow an attacker to get into the site without credentials or to steal user credentials. By only having a single sign-on procedure, the church can do more work to ensure that it doesn't have vulnerabilities. Or better yet it uses a 3rd party specialist who is an expert in this area. The company I work for deals with a lot of very sensitive data so we have some of the highest security policies in the industry. But we also use SSO for access to our internal resources for the same reason.

Also, for most church sites, the church needs to link your account with your membership number in order to identify what rights you have (based on the ward and stake you are in and what callings you have). Maintaining this link for multiple accounts would increase church costs and cause users more difficulty. Sometimes security has to be balanced with cost and support problems.

So although that article is correct in general it isn't the last word in security (as russellhltn indicated as well). And as russellhltn also indicated, the usual recommendation to mitigate the increased risk for single sign on is to enable multi-factor authentication.
BrianEdwards
Senior Member
Posts: 1076
Joined: Sun Oct 30, 2016 10:42 pm
Location: Michigan

Re: Multiple passwords

#12

Post by BrianEdwards »

[EDIT: eblood66 posted a response before I did, and his post addresses things better than I did in my post below]

I believe that it makes sense for every member to have a single username & password linked to their church account. The church then uses this information to identify access to various church-affiliated sites, and link member information for that site to use. Thus the church has a single way of identifying whether I am able to be provided access to member functions at churchofjesuschrist.org, leader functions at lcr.churchofjesuschrist.org, finance functions at lcrffe.churchofjesuschrist.org, temple ordinances at FamilySearch.org, etc. I personally update my church password regularly, but I believe leaders at least are required to modify their passwords after a certain period of time. And from the Church's perspective, it may be prohibitively complicated for them to even consider implementing separate passwords for unique sites, given their recent struggles to provide even more basic capabilities.

I agree with your concerns about data safety. I suppose if FamilySearch.org is storing password information for church members, that would be an additional avenue for hackers. But I would think (guess?) that when logging on to FamilySearch via a church account, it goes directly to the church servers, and no local username/password data is stored outside the Church's systems. But I'm not an IT guy, and those who know better may point out my misconceptions.

Also, note the article is from 2015, so it may not be completely current.
davesudweeks
Senior Member
Posts: 2637
Joined: Sun May 09, 2010 9:16 pm
Location: Washington, USA

Re: Multiple passwords

#13

Post by davesudweeks »

And these articles are more targeted to those who use the same username/password across large portions of their online presence. One should not use the same password for the "Jane's Dress Barn" online store (name made up) that they use for their bank access and their email login. If a password at a shopping site were compromised, one would not want that to open access to their bank account or email (which is often used for password resets). However, having the same login for multiple church pages inside the church domain is low risk (in my opinion). While all earthly systems and software are imperfect, the church takes security seriously. One can easily have a different login for FamilySearch than their regular church account login and still have their membership linked to that FamilySearch account in their account settings.
gsgiauque
New Member
Posts: 17
Joined: Wed Sep 19, 2012 4:23 pm

Re: Multiple passwords

#14

Post by gsgiauque »

Thank you for these insights, particularly that of davesudweeks -- the example of "Jane's Dress Barn" (name made up) vs. bank access and email login -- is useful and "comforting." Case closed.
gsgiauque
New Member
Posts: 17
Joined: Wed Sep 19, 2012 4:23 pm

Re: Multiple passwords

#15

Post by gsgiauque »

One last comment -- even to get into this tech.church account, I had to use my lds.org account. This all just strikes me as "kinda strange." Case now **really** closed.
davesudweeks
Senior Member
Posts: 2637
Joined: Sun May 09, 2010 9:16 pm
Location: Washington, USA

Re: Multiple passwords

#16

Post by davesudweeks »

gsgiauque wrote: Fri Mar 03, 2023 6:38 am
> Thank you for these insights, particularly that of davesudweeks -- the example of "Jane's Dress Barn" (name made up) vs. bank access and email login -- is useful and "comforting." Case closed.

Having a questioning attitude is a very good thing when we seek to understand.
jonesrk
Church Employee
Posts: 2361
Joined: Tue Jun 30, 2009 8:12 am
Location: South Jordan, UT, USA

Re: Multiple passwords

#17

Post by jonesrk »

gsgiauque wrote: Wed Mar 01, 2023 8:02 pm
> The sentence I quoted above says lds.org and familysearch.org both use the LDS Account. So does templeportal.org.
>
> But my password manager says that they are 3 separate and distinct accounts! They certainly appear to be. But they all use my one and only single password to get into any one of the three.
>
> "So--" someone will say --"change your password manager -- find one that doesn't say that the 3 .org "entities" are not 3 separate accounts."
> Nope! I'm not gonna do that, thank you.
>
> But what exactly are lds.org, familysearch.org and templeportal.org if they are not accounts? What are they "called?"

Those are all different websites (or web applications). churchofjesuschrist.org, templeportal.org and many others all have a single sign on of your Church Account. It is truly one account so you aren't sharing your password across multiple accounts. Because it is used for many sites, and the password manager can't tell that it is the same account under the covers, the password manager is doing the best it can to warn you to be wise. In this case you only have one account so it is a bit of a misleading warning.

familysearch.org now has multiple options for logging in. One is to create a separate account just for family search, or you can use one of several different OpenId logins, or your Church Account. If you choose to use your Church Account login here it actually uses the main Church account login, so it wouldn't appear to be an additional site with the same password.
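
The distinction drawn in this thread (one SSO account reached from several sites versus one password reused across unrelated accounts), as an added example that is not part of any post and not any real password manager's code. The `idp` field, the `id.church.example` host and the vault contents are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VaultEntry:
    site: str                   # domain the login was saved under
    username: str
    pw_fingerprint: str         # stand-in for a hash of the stored password
    idp: Optional[str] = None   # assumed field: SSO login host the site hands off to


# Constructed sample vault. "id.church.example" is a placeholder, not a real host.
VAULT = [
    VaultEntry("churchofjesuschrist.org", "jane", "fp-A", "id.church.example"),
    VaultEntry("templeportal.org", "jane", "fp-A", "id.church.example"),
    VaultEntry("familysearch.org", "jane", "fp-A", "id.church.example"),
    VaultEntry("janesdressbarn.example", "jane", "fp-B"),
    VaultEntry("bank.example", "jane", "fp-B"),
]


def naive_reuse(vault):
    """Per-site check: warn when one password is saved under several domains."""
    sites = defaultdict(set)
    for e in vault:
        sites[e.pw_fingerprint].add(e.site)
    return {fp: sorted(s) for fp, s in sites.items() if len(s) > 1}


def account_key(entry):
    """Sites that hand off to the same login service with the same user are one account."""
    return (entry.idp or entry.site, entry.username)


def sso_aware_reuse(vault):
    """Per-account check: warn only when distinct accounts share a password."""
    accounts = defaultdict(set)
    for e in vault:
        accounts[e.pw_fingerprint].add(account_key(e))
    return {fp: sorted(a) for fp, a in accounts.items() if len(a) > 1}


if __name__ == "__main__":
    print("naive:", naive_reuse(VAULT))
    print("sso-aware:", sso_aware_reuse(VAULT))
```

The per-site check flags both groups; the per-account check collapses the three SSO sites into one account and flags only the store/bank pair, which is the reuse that actually matters.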