The identity landscape is changing with the move to cloud. Applications that do not change with it risk becoming unmanageable and creating difficult security holes. Users are adapting to these changes in ways that address the inconveniences, but not necessarily the security concerns. For example, users have no qualms about giving passwords to mobile applications, even though criminals can retrieve passwords when phones are lost. Often, users work around the need for multiple passwords for SaaS applications by reusing the same password on several sites - even though the hacking of one site means that password can be used to gain access to any of the user's other accounts.