Microsoft Passport? Good or Bad for the Internet?
If you are anything like me, you've got dozens or even hundreds
of accounts spread all over the internet (and the planet, for
that matter). Each account has a different username and password
combination, which adds up to one big headache, trying to keep
it all straight.
I am aware of security, so I tend to create a different username
and password for each and every account. This makes it
impossible for a malicious person to break into one account and
thus get the information from all of my accounts.
Most people do not go through this much trouble. In fact, most
people simply create all of their usernames as their own first
and last name (perhaps with a number to make it unique) and use
very simple, and easily guessed, passwords.
Microsoft has now come along and proposed a solution to this
situation. Well, proposed is not the right word - Microsoft is
implementing a solution. It's actually a key component of their
.NET strategy.
What they are doing is creating a "passport", called "Microsoft
Passport", which is more or less intended to become the standard
way of gaining access to objects and information on the internet.
The concept is very simple indeed. You merely create a passport
account and give it a unique username (your email address). You
also give it a password. From that point forward, you can use
the exact same username and password to access anything which
supports passports (everything on a Microsoft web site, at the
least).
So far this is no different than any other account identifier.
For example, on Yahoo you create a Yahoo ID, which can be used
to access any feature operated by that company. Excite has
something similar as do many other web sites.
What is different about passports is the intention to turn them
into a standard to access everything on the internet. Microsoft
also intends to use passports as a centerpiece of its .NET
initiative - passports will be the focus of its security model.
What's wrong with this picture? Conceptually, it is actually a
good idea. Passports have the capability to enforce a security
standard across the entire internet, and Microsoft has the
muscle and staying power to make it work. Lord knows it will be
convenient to be able to log into hundreds of different sites
using the same username and password. This sure will make life
easier for a lot of people.
On the other hand, as demonstrated by the more than 45 security
alerts released by Microsoft in the first two-thirds of 2001,
this company is not well known for its attention to security.
In fact, Microsoft is directly responsible for two of the worst
security issues on the internet today: Code Red and its
variants, and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the
following comment:
"With a bit of horror, I learned that Microsoft's developers
have no understanding of security."
If that doesn't send a shiver down your spine, I don't know what
will. Now, do you really want these people to be in charge of
the security of your bank account, medical records and dozens or
even hundreds of other records?
So what should you do? Personally, I am concerned about
Microsoft's obvious lack of security knowledge, and I do not
want to trust them with my personal data. Thus, I will not be
using anything "protected" by passport, unless it is absolutely
necessary. I just have too many questions and concerns not only
about privacy, but about the safety of my personal information
from criminals, terrorists and other evil-doers.