Microsoft Passport? Good or Bad for the Internet?
By Richard Lowe
Posted Monday, December 6, 2004
If you are anything like me, you've got dozens or even hundreds of accounts spread all over the internet (and the planet, for that matter). Each account has a different username and password combination, which adds up to one big headache, trying to keep it all straight.
I am aware of security, so I tend to create a different username and password for each and every account. This makes it impossible for a malicious person to break into one account and thus get the information from all of my accounts.
Most people do not go through this much trouble. In fact, most people simply create all of their usernames as their own first and last name (perhaps with a number to make it unique) and use very simple, and easily guessed, passwords.
Microsoft has now come along and proposed a solution to this situation. Well, proposed is not the right word - Microsoft is implementing a solution. It's actually a key component of their .NET strategy.
What they are doing is creating a "passport", called "Microsoft passport", which is more or less intended to become the standard way of gaining access to objects and information on the internet.
The concept is very simple indeed. You merely create a passport account and give it a unique username (your email address). You also give it a password. From that point forward, you can use the exact same username and password to access anything which supports passports (everything on a Microsoft web site, at the least).
So far this is no different than any other account identifier. For example, on Yahoo you create a Yahoo ID, which can be used to access any feature operated by that company. Excite has something similar as do many other web sites.
What is different about passports is the intention to turn it into a standard to access everything on the internet. Microsoft also intended to use passports as a centerpiece to its .NET initiative - passports will be the focus of its security model.
What's wrong with this picture? Conceptually, it is actually a good idea. Passports have the capability to enforce a security standard across the entire internet, and Microsoft has the muscle and staying power to make it work. Lord knows it will be convenient to be able to log into hundreds of different sites using the same username and password. This sure will make life easier for a lot of people.
On the other hand, as demonstrated by the more than 45 security alerts released by Microsoft in the first two-thirds of 2001, this company is not well known for its attention to security. In fact, Microsoft is directly responsible for two of the worst security issues on the internet today: Code Red and its variants, and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the following comment:
"With a bit of horror, I learned that Microsoft's developers have no understanding of security."
If that doesn't send a shiver down your spine, I don't know what will. Now, do you really want these people to be in charge of the security of your bank account, medical records and dozens or even hundreds of other records?
So what should you do? Personally, I am concerned about Microsoft's obvious lack of security knowledge, and I do not want to trust them with my personal data. Thus, I will not be using anything "protected" by passport, unless it is absolutely necessary. I just have too many questions and concerns not only about privacy, but about the safety of my personal information from criminals, terrorists and other evil-doers.
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at (http://www.internet-tips.net) - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.