Yes, absolutely! First, Earthdata Login is only available through an HTTPS connection. HTTPS is the secure version of HTTP, the protocol that web browsers use to talk to applications and websites. That alone makes it much harder for malicious users to try and steal your password or other private information.
Additionally, once your password is handed over to Earthdata Login, we encrypt it immediately. That means that even Earthdata Login administrators can't see your password; it just looks like a sequence of random numbers, letters, and symbols, even on the back end. And while the rest of your information is stored normally–as text that can be read by an administrator–it's never used without your permission, and it's never given out to other sites or applications without your explicit permission.
Finally, with Earthdata Login, only the Earthdata Login system itself gets your password. That means that you'll never enter your password into a site that passes it over the network to Earthdata Login. This ensures that even in trusted communications between EOSDIS systems, your password is never exposed. If you're not sure if you're on a site that uses Earthdata Login, and gives you these advantages, you might want to read the next question.
If you are already using Earthdata Login to log in to a website or application, and want to know if that site is using Earthdata Login, there are two easy ways to find out:
URS 3 is the term typically used to refer to all Earthdata Login implementations prior to the current OAuth 2-based Earthdata Login implementation. URS 3 applications used a fairly extensive REST API to interact with Earthdata Login. While this allowed a lot of flexibility, it also meant that applications and websites were passing your username and password over the Internet. While this was typically done using secure connections, it's still not as safe as never passing your password around at all. While we've never had a report of stolen passwords resulting from use of URS 3, we do encourage all Earthdata Login sites and applications to contact us about transitioning to Earthdata Login.
Earthdata Login is a completely reworked implementation of Earthdata Login in terms of how applications interact with the system. Instead of focusing on a flexible API, Earthdata Login introduces OAuth 2. In this approach, applications redirect all users to Earthdata Login, and information (such as username, password, and email) is only entered directly into the Earthdata Login application. This ensures several things:
Earthdata Login does provide a simpler API for applications to request user information, but that API only responds to requests if the user has specifically granted that application permission to access their data. And passwords are never handed out to any system outside of Earthdata Login!
Over the coming months, all EOSDIS systems that either currently use URS 3 or are candidates for Earthdata Login interaction will be transitioned to Earthdata Login, ensuring your information is kept as safe and secure as possible.