From Multiple Credentials to Browser-based Single Sign-On: Are We More Secure?