Forgot your password?
typodupeerror
Microsoft IT

eBay Retires MS Passport Sign-In 304

Posted by samzenpus
from the verify-this dept.
fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"
This discussion has been archived. No new comments can be posted.

eBay Retires MS Passport Sign-In

Comments Filter:
  • well (Score:2, Insightful)

    by 0xdeaddead (797696)
    On one hand its cool if you forget your ID, because you use the site infreqeuently... On the other hand do you trust Microsoft that much?!
    • Re:well (Score:5, Interesting)

      by superpulpsicle (533373) on Wednesday December 29, 2004 @08:10PM (#11214425)
      Man I had a .net account. I always frequently login. Out of the blues one day, my password just locked me out. I emailed the M$ support folks, and not a single person replied. My account was just gone basically, and no one gave a shit.

      • Re:well (Score:2, Interesting)

        by adeydas (837049)
        that's microsoft's way of telling that they care...
      • Re:well (Score:3, Interesting)

        by gl4ss (559668)
        which is an prime example why you as a company like ebay wouldn't like to use the system.

        you wouldn't like to look/be responsible for a system you don't have the keys to, it's quite hard to fix things that you can't access even.
    • I actually used it (Score:5, Interesting)

      by CdBee (742846) on Wednesday December 29, 2004 @08:12PM (#11214440)
      6 months after MS Passport was introduced on eBay I started using it. I gave up using it 3 months later after missing numerous sales due to passport authentication fscking up and logging me in moments after the bid deadline ended

      Eventually, I got a new login and walked away from one with 20 favourable reviews on it thanks to that damned system. Hope it fries in hell.
      • by prostoalex (308614) * on Wednesday December 29, 2004 @08:34PM (#11214600) Homepage Journal
        Heh, yeah, that's true, Passport tends to lose your authentication cookie more often that a 3-year-old would lose his toys. You have financial losses, I would just get frustrated.

        On top of that I used their hotmail account to register for the Passport, since that's their recommended option. I never use Hotmail for my daily webmail, in fact, the only message I have there is a thank-you for signing up. The bozos from hotmail kept threatening me with turning off the account, and they did execute their threats every 90 days. So unless I remember to log in to the Hotmail account, which I never use, I lose my passport, and have to go through easy but still frustrating retrival system at hotmail.

        The guys who designed this system are probably competing with Clippy team on who builds the most annoying product.
        • by Osty (16825)

          On top of that I used their hotmail account to register for the Passport, since that's their recommended option. I never use Hotmail for my daily webmail, in fact, the only message I have there is a thank-you for signing up. The bozos from hotmail kept threatening me with turning off the account, and they did execute their threats every 90 days. So unless I remember to log in to the Hotmail account, which I never use, I lose my passport, and have to go through easy but still frustrating retrival system at

    • Re:well (Score:3, Insightful)

      by bulliver (774837)
      Speaking personally, it's not that I mistrust Microsoft (which I do...) but rather I don't trust *any* password saving programs. Simply put, the more you trust these tools to carry your sensitive info, the more you give up your security and privacy.
  • All editors at the slashdot camp are sporting wood right now pending this wonderful M$ news!
  • by douthitb (714709) <bcwood@gmail.TWAINcom minus author> on Wednesday December 29, 2004 @08:08PM (#11214411) Homepage
    Did I miss something? Was Microsoft's single sign-on vision ever in danger of becoming main stream?
    • by killjoe (766577) on Wednesday December 29, 2004 @09:29PM (#11214894)
      Although MS has suffered from a lot of spectacular failures latelly, anything they do is in danger of becoming main stream. A monopoly on the desktop and office software is a tremendous weapon to wield against the rest of the world.
    • by Anonymous Coward
      Monopoly trumps mediocrity on a regular basis.
    • by skrolle2 (844387) on Wednesday December 29, 2004 @11:59PM (#11215815)
      I used to work on a similar system for another major portal business, although only for our own portfolio of websites, and we took this stuff really seriously for a while. When eBay joined, we were starting to get a bit scared, because if the passport thing had taken off, our business would have gone bye-bye.

      The worst thing about Passport and the related .Net services was that MS intended not only to store a username and password, but store ALL user information. Participating sites would then have free access to the information they contributed to the system, but would have to pay for anything else. Also, using the entire .Net portfolio would have made it simple for web developers to build a system with a "secure" passport logon and user database, but VERY difficult to obtain control over their own data. Microsoft, on the other hand, would have complete access to all user data regardless of source. They could have become the gatekeeper, the only company with control over user data, and everyone else paying them for data mining rights in their own data. We should be VERY thankful that it didn't take off.

      In retrospect, Microsoft made a bunch of mistakes:

      1) The whole thing got muddled in the general confusion of .Net.

      2) Most other web companies actually valued control of their user data more than ease of development.

      3) No user demand for single sign-on, either because users don't care, or because they actually value their privacy and don't want different websites to share user data.

      It's finally gone. Good riddance.

    • I agree with you completely. For me, the only time I ever used the .NET Single-Sign on is in gaim, when logging onto MSN. I don't use hotmail and I don't otherwise use passport *anywhere*, so the "Single Sign On" was really "Just Another Password To Remember" for me.
  • by Donoho (788900) on Wednesday December 29, 2004 @08:09PM (#11214414) Homepage
    Is Microsoft's Single Sign-On vision edging towards oblivion?

    It's been dead for a while, people are still cleaning up the carcus.
  • by Anonymous Coward on Wednesday December 29, 2004 @08:09PM (#11214415)
    enough said...
  • by prostoalex (308614) * on Wednesday December 29, 2004 @08:10PM (#11214422) Homepage Journal
    The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

    As a Webmkaster, I would like to have some simple authentication solution, so that the users dont have to register in forums and what not to post. However, the implementation is just unacceptable:

    There are two fees for licensing Passport: a periodic compliance testing fee of $1,500 US and a yearly provisioning fee of $10,000 US. The provisioning fee is charged on a per-company basis.


    Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
    • a periodic compliance testing fee of $1,500 US
      I bet those periodic tests just became more frequent for the sites that are left. Geez! Why would anyone sign a contract with MS so Ms could charge you $1,500 whenever they felt like making sure you were compliant. I bet they fine you for not being compliant as well!
    • by Tackhead (54550) on Wednesday December 29, 2004 @08:23PM (#11214521)
      > The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

      Bad idea, implementation irrelevant.

      Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virutal avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.

      > Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.

      ...thereby saving themselves $10K, thereby limiting the damage from compromise to Just One Site, and thereby offering better security to the end user by accident.

      I've lucky in that got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.

      But even if I didnt... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.

      • by grumbel (592662) <grumbel@gmx.de> on Wednesday December 29, 2004 @08:41PM (#11214643) Homepage
        ### based on data resident on a machine administered so incompetently...

        That is what I call bad implementation, if done right this whole thing would have worked via smartcards. Have a key stored on that card and encrypt the login information on the card itself, don't store any information on the computer itself. Would have even allowed to move to another computer and login there without risking to get the password spyed away. Good smartcard are ever protected by a pin which you can enter on the card itself, so you don't even need an extra numpad. On the server side all that would be needed would be some standard protocoll to comminucate with the client/smartcard.

        Downside is of course that such smartcard reader would have cost a little bit of money, but given that now basically every PC comes with Flash-, SD-, XD- and whatever they are called slots, such a reader shouldn't have ben all that expensive, especially if Microsoft would have backed it up with a little 'force'.

        Sadly all dreams, and we are stuck for the coming years with passwords and password managers which basically store everything in almost plain-text on the client...

        • Have a key stored on that card and encrypt the login information on the card itself, don't store any information on the computer itself.

          This would have worked for about 30 minutes before someone would have modified a worm to spy on the smartcard-reading-process.
        • There's no way I'm carrying a card around to log into some phpBB board.

          Password managers are a pretty ideal solution. People tend to have a super-secret password for their bank account and crap passwords for noisy boards. My browser does a good job at storing them.

          This is a solution looking for a problem more than anything.
      • based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.

        Can you provide a link to a story about this?
      • Kerberos V uses single sign-on and then uses secure tokens to authenticate. It's not a bad idea, provided the information on the client machine for generating/passing tokens isn't compromised.

        Now, it's true that Windows is not exactly the most secure system. Indeed, in recent security tests, it was passed by an unlocked door, and a large neon sign displaying the sensitive data.

        On the other hand, this is definitely the problem with the OS, and not the idea. If you run Kerberos on OpenBSD or a reasonably

        • I'd prefer a system that is capable of a moderate to high degree of flexibility, as you can't decrypt something if you don't know the encryption algorithm used.

          Your serious? This is not 1850... Encryption is based on keeping the key secret (or one of the keys secret with PKI). The algorithms should be well known, understood, and studdied by others in the field.

          It is unlikely that you would come up with a truly unique and fresh algorithm. You might have independently discovered it, but it has quite possi

      • Bad idea, implementation irrelevant.

        Some of the ideas in this system were bad, but auth aggregation is an incredibly useful idea already in widespread use. There are two ways I can think of that this idea could be usefully designed with a fair number of fairly minor variations.

        The real problem I see at this point is that of existing auth protocols RADIUS has already been extended beyond what it can do, diameter has turned into typical standards body masturbation that is so complex that complete workin

      • you have to cut the cheese to see the holes
        so you really cant compare that to windows
      • >> have just one single entity provide and verify the virtual avatar.

        > Bad idea, implementation irrelevant.


        So I guess you hide your money in your bed too? :-p
    • by CrazyJim0 (324487) on Wednesday December 29, 2004 @08:38PM (#11214622)
      I wrote a login/password script with no effort in less than an hour. The hardest part is getting an internet protocol compatible programming language, and actually writing your application.

      What they were asking is like holding the door open for someone then asking for a hundred spot.

      Passport not only had security flaws, but would be the biggest target ever imagined for phishing scams. Its funny too because the passport URL was so long that you didn't even see the www.microsoft part. You could have sent them to any site to login, and just kept their login and passport.

      Microsoft failures are great for jokes.
    • The Passport concept was, and still is good. I never gave MS's attempt a real chance, because I was annoyed of programs like MSN Messenger and XP Remote Assistance bugging/requiring me to get an account.

      Anyway, the idea of a simple username+passport system for the 99% of websites where we care about security "a little" does exist. I think Passport was overengineered. I suspect that a most people will NEVER trust their bank passwords to the same system that holds their Slashdot passwords. Without that
    • There really is no problem with each site having a different password scheme. As stated, it is much more secure. And how much of a hastle is it to register once, then let cookies take care of the login afterwards (or FF saving pwords, or apple keychain items?) This way you, as a user, are responsible for the safty of your passwords, as it should be.

      That and I have 3 levels of passwords, which these single identity sites don't handle well. One for nonsecure, who cares info. two random alphanumerics for
      • If was [sic] really important it would allow me...to change my password.

        In its infinite wisdom, Microsoft did make it possible to change your password. Here's how:

        1. Visit http://www.passport.com/ and sign in, if necessary. I even made it clickable here [passport.com].
        2. Click "Member Services."
        3. Click "Change my password."
        4. Type your current password. Then, type your new password, and type it again to make sure you typed it correctly.
        5. Click "Continue."
  • nope (Score:3, Insightful)

    by Quasar1999 (520073) on Wednesday December 29, 2004 @08:10PM (#11214426) Journal
    Why bother to sign in to passport when each user will only run windows longhorn, and each user will have their own account, and the current active account can be queried by the website via some new fancy secure API initiative that will be in longhorn... thus forcing everyone to have to run longhorn in order to do so much as use ebay or amazon...

    or perhaps I am suffering from wearing a tinfoil hat too much... but I think I might be on to something... replace passport with something directly tied to windows that users have no choice in, since their machines have unique ID's, as do their accounts... they will not be able to be anonymous on the web, and said info will be used to make browsing easier for average joe q. public, meanwhile identifying every user out on the web... really sneaky... ;)
    • Re:nope (Score:3, Funny)

      by M.C. Hampster (541262)

      Insightful? Give me a break.

      Yeah, I'm sure that eBay and Amazon want to make sure they limit all of their customer base to only those people running a brand new OS. Sure.

      And in case you didn't realize, the system you are describing is already built into Windows XP. It's name? Microsoft Passport. You can tie your Windows account directly into your Passport account so you don't have to login. Look how well that's worked.

      Please, try to learn a little more about what you are talking about before ma

    • Re:nope (Score:5, Interesting)

      by Broadcatch (100226) on Wednesday December 29, 2004 @09:03PM (#11214766) Homepage
      Windows Longhorn will have an identity system in it, currently code-named InfoCard. But from what I hear, they are actually looking for open standards on which to base their identity infrastructure, and this would make a *lot* of sense. If they promoted a system that was 100% decentralized (as opposed to the 100% centralized Passport), free and open source, and integrated it sweetly into their OS, they would have an identity system that would be peerless and increase their market share (or at the least, not drive people away so fast).

      The only system I know of that fits the bill is the nascent Identity Commons [identitycommons.net] system that is just starting to come online [2idi.com]. (Disclaimer: I am 2idi's CTO)
      • Re:nope (Score:3, Insightful)

        by killjoe (766577)
        What in MS history leads you to think that they would adapt a free and open source identity system? I mean have they adopted any standard without extending them?

        Even if they did push for something like that do you really expect MS to follow their own standards?
    • by nbert (785663)
      I don't think you are as trollish as some of the people replying suggest - they might use such a feature in Longhorn. It's not exactly a new idea to include such a service and it worked before.

      Who thought Microsoft would ever dominate the browser market when the first version of IE was released? I guess we all laughed. Then the newer versions became slightly better and since it was more convenient to use IE than Netscape (because IE came with the OS) everybody switched.
      Why shouldn't it work this time? And
    • Re:nope (Score:2, Insightful)

      by skrolle2 (844387)
      Why bother to sign in to passport when each user will only run windows longhorn, and each user will have their own account, and the current active account can be queried by the website via some new fancy secure API initiative that will be in longhorn... thus forcing everyone to have to run longhorn in order to do so much as use ebay or amazon...

      That was actually EXACTLY the goals of Windows XP, it's integration with the .Net Passport, and the .Net development portfolio. Microsofts vision was that every
  • Yahoo's going strong (Score:4, Interesting)

    by DogDude (805747) on Wednesday December 29, 2004 @08:11PM (#11214436) Homepage
    I've said it before... Yahoo has done single sign in, and they've done it well without being abusive. Why MSN couldn't compete, I have no idea (since I never used their stuff). With Yahoo, it's all tied together relatively seamlessly, with extra security when you go to buy stuff. But with one sign in, you can get customized mail (of course), weather, financial info, news, message boards (Yahoo Groups), bookmarks, etc, etc, etc. So it's not that it can't be done and done well.
    • by prostoalex (308614) * on Wednesday December 29, 2004 @08:15PM (#11214465) Homepage Journal
      Well, MS has single sign-in within their MSN zoo, but the idea was outside licensing to sites like eBay. I am not aware of any Yahoo! implementations on the sites outside of its own.
    • The notion of the "security key" id apart from the normal login. Its a kluge approach which confuses users that they need to fix long term.
    • I've had problems signing in to Yahoo too... For a while it would systematically prompt me to enter a captcha and my password again, although my password was correct to begin with... And of course tech support was useless. Somehow the problem has magically disappeared recently.

      This just tells me that single sign-ons are just a bad idea. Maybe you should at least have two different identities associated to an account, so if one fails you can use the other?
  • LOL (Score:4, Funny)

    by Anonymous Crowhead (577505) on Wednesday December 29, 2004 @08:12PM (#11214441)
    I read that as 'requires' instead of 'retires' and gleefully clicked on read more to see the frothing at the mouth that I assumed every single post would contain. What a disappointment.
  • Only other place i have seen that used it was Asheron's Call games.

    Those are currently being transfered to the developers in-house system.

    In a couple months that use will be gone too.

    What does that leaving using it? Hotmail?

    I never even linked my ebay to one of my .net passports even though i have several. Ebay already knows everything...why bother with passport.

    Nice idea but only handy if it filled out everything for you on lots of sites, which i dont think i'd like the idea of anyway.
  • by Ars-Fartsica (166957) on Wednesday December 29, 2004 @08:14PM (#11214460)
    I don't think any company relished the concept of Microsoft being in control of their user's data records. Microsoft just doesn't have the goodwill to get something like this done.

    When it arrives, single sign-on is going to have to come with some bill of rights for users...I don't see MS providing any level of transparency.

  • by BrynM (217883) * on Wednesday December 29, 2004 @08:15PM (#11214464) Homepage Journal
    .NET Passport - Directory of Site(s)

    The .NET Passport service offers streamlined sign-in at a wide range of Web sites and services that are soley owned by Microsoft.

    We have discontinued our Site Directory because nobody really trusts us and few people really care, but you'll know when you can use your Passport to make sign-in easier and the marketing data more easily collected. Just look for the .NET Passport Sign In button! We have one at least. You can use the Passport account you created to get us to stop bothering you about it after your Windows or Microsoft Office install process. One day, the powerful Passport login will give you exclusive access to Security Patches, Updates and Service Packs. Why not get used to it now?

  • by iamzack (830561) on Wednesday December 29, 2004 @08:17PM (#11214485)
    What is this E-bay?
  • It never was. (Score:5, Informative)

    by Fortran IV (737299) on Wednesday December 29, 2004 @08:22PM (#11214518) Journal
    Microsoft's Passport sign-on was never a single-entry system, even within Microsoft's sites. Not long ago they started requiring a Passport account to post to the MS support newsgroups, so I reactivated an old Hotmail account. Surprise! Logging on to Passport thru their newsgroups did not get me into Hotmail; I had to enter the Passport account and password individually for each system, whether I entered them sequentially or simultaneously thru two browser windows.

    As usual, Microsoft paid as little attention to their proposed standard systems as the rest of the industry. (Remember, Windows Notepad didn't get the Ctrl-O and Ctrl-S shortcuts until Windows 2000, even though other MS programs had them in Windows 3.x.)

    • I have a Passport account for the Microsoft Newsgroups and for my MSDN Universal subscription. I would constantly have to relogin to these sites whenever I opened the browser, even if I had already logged in to the other site. It was like a Single-Sign On system with multiple sign ons.

    • I'm also peeved that you can only have one user-id associated with an email address. I had to use Microsoft's IM program for work the other day, and signed up for an account with my secondary email addresses.

      Lo and behold, my secondary email address already had an account associated with it, but I use that for MSN Groups, which is personal, not work related. I had to create another email account to get a MS Passport, so that i could use their Microsoft's IM... (I couldn't use the work account for a couple
    • Agreed. "Single signon"? The last time I used Passport was to join my Bungie.net account and my Xbox Live Gamertag, to see my Halo 2 statistics.

      Two existing accounts need a third account to link them. "Single signon" becomes a bit of a misnomer....

      Incidentally, Bungie.net should allow you to sign in with your Gamertag alone. It seems that the Player Stats URL doesn't require a Bungie.net account, but they don't tell you that. There should be no need for me to create two additional accounts in order to acc
  • by Myria (562655) on Wednesday December 29, 2004 @08:25PM (#11214527)
    Passport does have a lot of users, but only for Microsoft stuff. MSN, Hotmail, and Xbox Live, all very popular, use Passport.

    (Xbox Live's case is a little more complicated, but it does use Passport at its core.)

    Melissa
  • about bloody time (Score:2, Informative)

    by pluke (801200)
    That .NET Passport signin broke for me the first time i used it with ebay and then i was unable to set up an ebay account for an entire month.
  • by SteeldrivingJon (842919) on Wednesday December 29, 2004 @08:31PM (#11214578) Homepage Journal
    Microsoft can trot out a list of companies participating in their latest 'innovation', but no matter how many companies sign up at the start, it really says nothing about the eventual likely success or failure of the system.

    Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.
  • by doodleboy (263186) on Wednesday December 29, 2004 @08:33PM (#11214583)
    Somehow Microsoft failed to consider that

    1) with their record of bad faith toward their own customers and their ongoing security lapses, most knowledgeable end users would not trust Microsoft to manage their personal information, and

    2) with their record of bad faith toward their own business partners and their ongoing security lapses, online retailers wouldn't relish the extra burden of sending a monthly tithe to Microsoft.

    Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you. They know as well as anyone that the commoditization of operating systems and productivity software is underway and they won't be able to maintain their margins forever. If they don't find a cash cow soon they'll be forced to (horrors!) make less money.
    • Anything that makes large companies make less money very well might be made illegal.
    • Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you.

      There was a woman who was head of Sony's game division in America that was being interviewed about the Xbox and how it was third behind Gamecube and PS2 in terms of unit slaes and game sales and they asked her how she thought Microsoft was going to respond to losing so much money on it.

      Basically she said something to the effect that Microsoft wa

  • by Schmucky The Cat (687075) on Wednesday December 29, 2004 @08:37PM (#11214616) Homepage
    It never worked anyways.

    I tried to use it multiple times. I'd be logged into MSN, MSN Messenger, reading hotmail, and in some new window (using IE, even) I'd try to log into eBay and, nope, same page, repeatedly, asking for the username and password.

    I'd have liked for it to work, but I don't think anyone at eBay ever actually cared whether it worked.

  • by Anonymous Coward on Wednesday December 29, 2004 @08:37PM (#11214617)
    I think some people are scared away because they believe that you need a hotmail-account to have a Passport. Not everybody want yet another useless, spam-filled webmail address.
    The fact is that you can use your regular email with Passport, but I think alot of people believe these two services to be the same.

    Maybe MS just need to relaunch the service. When it was created, Joe Average didn't have a gazillion different passwords. Things have changed since then.
  • by turrican (55223) on Wednesday December 29, 2004 @08:40PM (#11214640)
    The thought of a single web-based logon for access to so many different entities kinda scares me... Especially once it spans across companies.

    It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.
  • by Weaselmancer (533834) on Wednesday December 29, 2004 @08:43PM (#11214663)

    Is Microsoft's Single Sign-On vision edging towards oblivion?

    Yes, the MS single sign on is going away and here's why. Anyone from Redmond reading this, listen up.

    Microsoft is not the Internet.

    I know, I know it's hard to believe...but it's true. The online community is actually *much larger* than Microsoft's vision for it.

    This is why "embrace and extend" (and then make incompatible) keeps failing as a strategy.

    • Likewise, Slashdot is NOT the computer marketplace. Which is why anyone from Redmond reading this doesn't give a crap.

      As for me, I would like a reasonable and optional single signon. Yes, I have a passport because my nephew uses Messenger and they made me get one for that. But I also have a bunch of low-security usernames and passwords. My slashdot ID, for example, is protected with a weak password. Go ahead. Crack it. Ruin my life.
  • by Anonymous Coward on Wednesday December 29, 2004 @08:56PM (#11214728)

    I hope not, I so liked the idea of having one login that if compromised would allow access to multiple sites for multiple micheiveous activities. This is why I used my .NET passport like I use the air I breathe, all the time.

    Please say it ain't so! How else can I be throroughly humiliated with just one account being cracked?

  • As if (Score:2, Troll)

    by HangingChad (677530)
    I remember when MSFT was hyping this loser and the presenter said something about users storing their credit cards on MSFT's servers. HAHAHAHA! Right. Like anyone is going to trust MSFT with their credit card numbers. That's almost as smart as storing a unencrypted credit card number on a Windoze box. And of course this droid was prattling on about how MSFT listened to what their customers wanted during the design. HAHAHA!

    I always wonder who those mystery customers are that they listen to? Because

  • Bad idea anyway. (Score:4, Insightful)

    by AnotherBlackHat (265897) on Wednesday December 29, 2004 @09:20PM (#11214849) Homepage
    I don't want my password to be stored on a computer.
    If I did, I would want it to be my computer.
    If I didn't want it to be my computer, I wouldn't want it to be on a computer I had to pay for.
    And even if I were willing to pay for the inconvience of having someone else be in control of my passwords, I wouldn't want that person to be Microsoft.

    Passport was based on a flaw premise;
    The reason we don't provide personal information to every site that asks for it isn't because it's too hard to type it in.

    -- Should you believe authority without question?
  • by nmoog (701216) on Wednesday December 29, 2004 @09:38PM (#11214937) Homepage Journal
    Certainly looks like MS have had enough of .NET Passport... Mouseover the "How do I become a .NET Passport Site?" on the directory site and it shows "http://www.microsoft.com/net/services/passport", but click it and your redirected to "http://www.microsoft.com/NET/default.aspx" with not a mention of .NET Passport.
    • Mouseover the "How do I become a .NET Passport Site?" on the directory site and it shows "http://www.microsoft.com/net/services/passport", but click it and your redirected to "http://www.microsoft.com/NET/default.aspx" with not a mention of .NET Passport.

      I don't think the docs have ever been there - looks to me like they're putting that site together but put it live before they finished it yet. The best link to follow is the Getting started [netservicesmanager.com] link on the passport front page.

      The Passport docs have been stal
  • lets see (Score:2, Funny)

    by Anonymous Coward
    how about i let a convicted corporate crimminal hold all my personal information, including user name & password, creditcard names/expiration dates/account numbers...

    does that sound like a good idea to you???

    it would be a really really cold day in hell before i let the likes of a greedy corporation such as M$FT have any of my personal info...
  • by alc6379 (832389) on Wednesday December 29, 2004 @10:12PM (#11215122)
    ...And it stinks.

    I've got a Passport because of my MSDN subscripton, and it's the only reason why I've got Microsoft Instant Messenger running on my system. But, it NEVER WORKS-- IE is supposed to realize you're signed in with your passport, and let you right on through to subscriber downloads, but that never happens. Everytime, I'm forced to sign in, and then hit the "I Agree" button to the MSDN Subscriber Agreement each time, as if I'm signing in for the very first time, every time.

    Sure, that might be lazy to not want to be hassled by those few key/mouse clicks, but if you're going to implement a feature and then require your subscribers to use that feature, at least make the feature work. After all, that was supposed to be the reason for Passport integration into XP, right? Just sign into Messenger, and then you'll be recognized at any .NET Passport enabled site?
  • Did anyone else read the article as Ebay requires MS Passport Signin ?

    I almost messed in my tighty whiteys!!!
  • Why Microsoft ever thought it was a good idea to put all eggs in one basket is a mystery.

    They (and the rest of the industry) are headed more towards a federated security world, where you have a myriad of stores with your identity, and realms of trust between servers. So it would enable single sign-on between your bank and other partners they worked with, but not necessarily have the same data that your favorite blogs or what have you would use.

    One example of a federated identity system is the Liberty All [projectliberty.org]
  • ...film at eleven.

    So, what's he going to do next? Build ShortHorn into every telephone?
  • They are bad (Score:2, Insightful)

    The people at Microsoft are such bullies.. Now give me a bunch of points for being insightful or i'll beat the shit out of you. Now don't tell anyone we had this conversation
  • Everone and their cousin seems to be jockeying to have THE single sign in solution...why should Ebay, which already possesses some of the most popular sites on the web, and therefore could relatively easily make a single sign in for those (HINT, HINT, EBAY!), kiss Microsoft's ass?

    'Course, say Ebay did dominate this field...would Microsoft play their game?

  • by GregWebb (26123) on Thursday December 30, 2004 @06:15AM (#11217514)
    When I saw this, I thought 'hang on, I can now register for an account!'. No, hang on, this makes sense...

    Much of my office communicates using MSN Messenger. I don't like it but never mind... I had never signed up for an account because, with Passport around, I didn't want to provide them with the slightest additional encouragement and blip in their userbase statistics that might help persuade another site to join their unholy alliance. Now that possibility appears thoroughly dead, I can sign up for one in peace and be able to send quick messages to colleagues more efficiently than through e-mail.
  • proves that passport is so dead nobody even cares to flame it anymore! yaay!
  • by Ath (643782) on Thursday December 30, 2004 @07:02AM (#11217615)
    Passport was not intended as just an authentication system. That was only one piece for Microsoft. The real benefits eventually would be in all of the data they would collect about you from each of their Passport partners.

    Once you understand how Passport works and would work in the future, it is so clearly a horrible idea that it is not funny. People often only think of it as a central repository for storing their passwords. Some like this idea for its convenience but the Passport model is so half-baked it is not even funny.

    If you want to understand how a truly well-designed system will work, take a look at the Liberty Alliance. Instead of the central repository method, it uses a federated approach to the problem.

    For example, if you have a bank account, a utility provider, and your employer, there is no need for those three entities to share all information about you. It should be up to you to define which information is shared, but you should only have to maintain it in one place.

    If your employer knows your home address, why not allow this data to be shared automatically to the other entities? Don't want to? Then you don't have to. You employer may know your bank account number to deposit your salary. Your utility provider may know your bank account number to deduct your monthly bill. Why not tell your bank to share this information with your employer and utility provider? If you change your bank, then your new bank will automatically update this information.

    Of course all of this has to be done in a secure way. But it is more likely that your bank will have secure connections to other entities than the layer where you inform those entities yourself.

    Best of all, the approach from the Liberty Alliance does not leave one vendor with the master key. The keys are still with you, you just might give certain keys to some of your vendors.

What this country needs is a good five dollar plasma weapon.

Working...