Microsoft Passports
| Category: Internet Tips | Date: 2002-12-24 |
If you are anything like me, you've got dozens or even hundreds of accounts spread all over the internet (and the planet, for that matter). Each account has a different username and password combination, which adds up to one big headache, trying to keep it all straight.
I am aware of security, so I tend to create a different username and password for each and every account. This makes it impossible for a malicious person to break into one account and thus get the information from all of my accounts.
Most people do not go through this much trouble. In fact, most people simply create all of their usernames as their own first and last name (perhaps with a number to make it unique) and use very simple, and easily guessed, passwords.
Microsoft has now come along and proposed a solution to this situation. Well, proposed is not the right word - Microsoft is implementing a solution. It's actually a key component of their .NET strategy.
What they are doing is creating a "passport", called "Microsoft passport", which is more or less intended to become the standard way of gaining access to objects and information on the internet.
The concept is very simple indeed. You merely create a passport account and give it a unique username (your email address). You also give it a password. From that point forward, you can use the exact same username and password to access anything which supports passports (everything on a Microsoft web site, at the least).
So far this is no different than any other account identifier. For example, on Yahoo you create a Yahoo ID, which can be used to access any feature operated by that company. Excite has something similar as do many other web sites.
What is different about passports is the intention to turn it into a standard to access everything on the internet. Microsoft also intended to use passports as a centerpiece to it's .NET initiative - passports will be the focus of it's security model.
What's wrong with this picture. Conceptually, it is actually a good idea. Passports have the capability to enforce a security standard across the entire internet, and Microsoft has the muscle and staying power to make it work. Lord knows it will be convenient to be able to log into hundreds of different sites using the same username and password. This sure will make life easier for a lot of people.
On the other hand, as demonstrated by the more than 45 security alerts released by Microsoft in the first two-thirds of 2001, this company is not well known for it's attention to security. In fact, Microsoft is directly responsible for two of the worst security issues on the internet today: Code Red and it's variants, and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the following comment:
"With a bit of horror, I learned that Microsoft's developers have no understanding of security."
If that doesn't send a shiver down your spine, I don't know what will. Now, do you really want these people to be in charge of the security of your bank account, medical records and dozens or even hundreds of other records?
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. This website includes over 1,000 free articles to improve your internet profits, enjoyment and knowledge.
Web Site Address: internet-tips.net
Weekly newsletter: http://www.internet-tips.net/joinlist.htm
Daily Tips: internet-tips@GetResponse.com
Claudia Arevalo-Lowe is the webmistress of Internet Tips And Secrets and Surviving Asthma. Visit her site at http://survivingasthma.com
List of articles available for reprint: article-list@internet-tips.net
articles@internet-tips.net
http://www.internet-tips.net
I am aware of security, so I tend to create a different username and password for each and every account. This makes it impossible for a malicious person to break into one account and thus get the information from all of my accounts.
Most people do not go through this much trouble. In fact, most people simply create all of their usernames as their own first and last name (perhaps with a number to make it unique) and use very simple, and easily guessed, passwords.
Microsoft has now come along and proposed a solution to this situation. Well, proposed is not the right word - Microsoft is implementing a solution. It's actually a key component of their .NET strategy.
What they are doing is creating a "passport", called "Microsoft passport", which is more or less intended to become the standard way of gaining access to objects and information on the internet.
The concept is very simple indeed. You merely create a passport account and give it a unique username (your email address). You also give it a password. From that point forward, you can use the exact same username and password to access anything which supports passports (everything on a Microsoft web site, at the least).
So far this is no different than any other account identifier. For example, on Yahoo you create a Yahoo ID, which can be used to access any feature operated by that company. Excite has something similar as do many other web sites.
What is different about passports is the intention to turn it into a standard to access everything on the internet. Microsoft also intended to use passports as a centerpiece to it's .NET initiative - passports will be the focus of it's security model.
What's wrong with this picture. Conceptually, it is actually a good idea. Passports have the capability to enforce a security standard across the entire internet, and Microsoft has the muscle and staying power to make it work. Lord knows it will be convenient to be able to log into hundreds of different sites using the same username and password. This sure will make life easier for a lot of people.
On the other hand, as demonstrated by the more than 45 security alerts released by Microsoft in the first two-thirds of 2001, this company is not well known for it's attention to security. In fact, Microsoft is directly responsible for two of the worst security issues on the internet today: Code Red and it's variants, and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the following comment:
"With a bit of horror, I learned that Microsoft's developers have no understanding of security."
If that doesn't send a shiver down your spine, I don't know what will. Now, do you really want these people to be in charge of the security of your bank account, medical records and dozens or even hundreds of other records?
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets. This website includes over 1,000 free articles to improve your internet profits, enjoyment and knowledge.
Web Site Address: internet-tips.net
Weekly newsletter: http://www.internet-tips.net/joinlist.htm
Daily Tips: internet-tips@GetResponse.com
Claudia Arevalo-Lowe is the webmistress of Internet Tips And Secrets and Surviving Asthma. Visit her site at http://survivingasthma.com
List of articles available for reprint: article-list@internet-tips.net
articles@internet-tips.net
http://www.internet-tips.net
Copyright © 2005-2006 Powered by Custom PHP Programming