Three horizontal lines stacked

Documentation

Frequently Asked Questions

Is the information I give to Earthdata Login really safe?

Yes, absolutely! First, Earthdata Login is only available through an HTTPS connection. HTTPS is the secure version of HTTP, the protocol that web browsers use to talk to applications and websites. That alone makes it much harder for malicious users to try and steal your password or other private information.

Additionally, once your password is handed over to Earthdata Login, we encrypt it immediately. That means that even Earthdata Login administrators can't see your password; it just looks like a sequence of random numbers, letters, and symbols, even on the back end. And while the rest of your information is stored normally–as text that can be read by an administrator–it's never used without your permission, and it's never given out to other sites or applications without your explicit permission.

Finally, with Earthdata Login, only the Earthdata Login system itself gets your password. That means that you'll never enter your password into a site that passes it over the network to Earthdata Login. This ensures that even in trusted communications between EOSDIS systems, your password is never exposed. If you're not sure if you're on a site that uses Earthdata Login, and gives you these advantages, you might want to read the next question.

For more on the differences between URS 3 and Earthdata Login, check out What's the difference between URS 3 and Earthdata Login?

Is my favorite website/application using Earthdata Login?

If you are already using Earthdata Login to log in to a website or application, and want to know if that site is using Earthdata Login, there are two easy ways to find out:

  1. Click the site's "Login" link or button. If you are taken to a site that says "Earthdata Login" and the address in your web browser starts with "https://urs.earthdata.nasa.gov" then you're using a Earthdata Login system. This isn't foolproof, though, so if you don't see the Earthdata Login header and URL, you can also...
  2. Contact the administrators of the site or application. This is the surest way to understand what version of Earthdata Login is being used. Because Earthdata Login does lots of things to make itself invisible to you–staying out of your way as much as possible–you may be using a Earthdata Login site and not see the Earthdata Login login page often. That's why it's always good to ask.

What's the difference between URS 3 and Earthdata Login?

URS 3 is the term typically used to refer to all Earthdata Login implementations prior to the current OAuth 2-based Earthdata Login implementation. URS 3 applications used a fairly extensive REST API to interact with Earthdata Login. While this allowed a lot of flexibility, it also meant that applications and websites were passing your username and password over the Internet. While this was typically done using secure connections, it's still not as safe as never passing your password around at all. While we've never had a report of stolen passwords resulting from use of URS 3, we do encourage all Earthdata Login sites and applications to contact us about transitioning to Earthdata Login.

Earthdata Login is a completely reworked implementation of Earthdata Login in terms of how applications interact with the system. Instead of focusing on a flexible API, Earthdata Login introduces OAuth 2. In this approach, applications redirect all users to Earthdata Login, and information (such as username, password, and email) is only entered directly into the Earthdata Login application. This ensures several things:

  1. Users can expect to trust a single system with their information: Earthdata Login. While they can use lots of applications, only one is responsible for keeping up with their private personal information.
  2. Users can always expect to see a Earthdata Login-branded page when entering sensitive information. If there's no Earthdata Login branding, no information should be supplied!
  3. Applications don't have to receive and transmit sensitive user information, or worry about the overhead of secure networking. Earthdata Login handles all this interaction now.

Earthdata Login does provide a simpler API for applications to request user information, but that API only responds to requests if the user has specifically granted that application permission to access their data. And passwords are never handed out to any system outside of Earthdata Login!

Over the coming months, all EOSDIS systems that either currently use URS 3 or are candidates for Earthdata Login interaction will be transitioned to Earthdata Login, ensuring your information is kept as safe and secure as possible.