You can choose to log into the hub using credentials from another authorizing party. This could be a web service provided by a company like Google or Facebook, or it could be a service provided by a research institution associated with the hub.
When you first log in using federated credentials the hub will ask you if you have an existing account. This is so that we can maintain the associations for any materials you have submitted to the hub -- by selected that you have logged in and linking your prior account, we can treat the two login sources -- entering your hub password and entering your credentials at this other institution -- as one and the same.
It's also possible to create a new account when logging in with your institution's credentials. If so, you will have to create a hub-specific password for that account due to technical considerations.
Either way, you will arrive at the same basic configuration, in that you have a password (or another login mechanism) for your federated identity provider and you have a hub password for your account here. We may ask you periodically to change your hub password in accordance with our data security policies, but there is no transfer of your password between us and the institution you log in with, so these can (and should) be different.
Note that logging out of the hub often works differently if you use federated credentials. We can destroy your session here so that it appears that you are logged out, but if you choose to log in again you may find that you are "automatically" authenticated again without being asked for a password. Your institution operates its own servers and stores data about your interaction in cookies that our servers are not able to modify. They often use these cookies to maintain a record recent logins for your account, so that you're not asked again repetitively while using their services to present your credentials. If you wish to truly log out so that this does not happen, either visit your identity provider's site and use their log out link, or delete cookies for their domain using your web browser's settings.