SIGN OUT OF PASSPORT
Microsoft Passport? Good or Bad for the Internet?
by Richard Lowe, Jr.
If you are anything like me, you've got dozens or even hundreds
of accounts spread all over the internet (and the planet, for
that matter). Each account has a different username and password
combination, which adds up to one big headache, trying to keep
it all straight.
I am aware of security, so I tend to create a different username
and password for each and every account. This makes it impossible
for a malicious person to break into one account and thus get
the information from all of my accounts.
Most people do not go through this much trouble. In fact, most
people simply create all of their usernames as their own first
and last name (perhaps with a number to make it unique) and use
very simple, and easily guessed, passwords.
Microsoft has now come along and proposed a solution to this
situation. Well, proposed is not the right word - Microsoft is
implementing a solution. It's actually a key component of their
NET strategy.
What they are doing is creating a "passport", called "Microsoft
passport", which is more or less intended to become the standard
way of gaining access to objects and information on the internet.
The concept is very simple indeed. You merely create a passport
account and give it a unique username (your email address). You
also give it a password. From that point forward, you can use
the exact same username and password to access anything which
supports passports (everything on a Microsoft web site, at the
least).
So far this is no different than any other account identifier.
For example, on Yahoo you create a Yahoo ID, which can be used
to access any feature operated by that company. Excite has something
similar as do many other web sites.
What is different about passports is the intention to turn it
into a standard to access everything on the internet. Microsoft
also intended to use passports as a centerpiece to it's .NET
initiative - passports will be the focus of it's security model.
What's wrong with this picture? Conceptually, it is actually
a good idea. Passports have the capability to enforce a security
standard across the entire internet, and Microsoft has the muscle
and staying power to make it work. Lord knows it will be convenient
to be able to log into hundreds of different sites using the
same username and password. This sure will make life easier for
a lot of people.
On the other hand, as demonstrated by the more than 45 security
alerts released by Microsoft in the first two-thirds of 2001,
this company is not well known for it's attention to security.
In fact, Microsoft is directly responsible for two of the worst
security issues on the internet today: Code Red and it's variants,
and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the
following comment:
"With a bit of horror, I learned that Microsoft's developers
have no understanding of security."
If that doesn't send a shiver down your spine, I don't know what
will. Now, do you really want these people to be in charge of
the security of your bank account, medical records and dozens
or even hundreds of other records?
So what should you do? Personally, I am concerned about Microsoft's
obvious lack of security knowledge, and I do not want to trust
them with my personal data. Thus, I will not be using anything
"protected" by passport, unless it is absolutely necessary. I
just have too many questions and concerns not only about privacy,
but about the safety of my personal information from criminals,
terrorists and other evil-doers.
----------------------------------------------------------------
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net - Visit our website any time
to read over 1,000 complete FREE articles about how to improve
your internet profits, enjoyment and knowledge.
----------------------------------------------------------------
