eBay Retires MS Passport Sign-In
fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"
May I be the first to say... (Score:1, Insightful)
well (Score:2, Insightful)
Good idea with major control issues (Score:3, Insightful)
It's been dead for a while, people are still cleaning up the carcass.
Good idea, bad implementation (Score:5, Insightful)
As a Webmaster, I would like to have some simple authentication solution, so that the users don't have to register in forums and whatnot to post. However, the implementation is just unacceptable:
Small sites who would benefit from such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
nope (Score:3, Insightful)
or perhaps I am suffering from wearing a tinfoil hat too much... but I think I might be on to something... replace passport with something directly tied to windows that users have no choice in, since their machines have unique IDs, as do their accounts... they will not be able to be anonymous on the web, and said info will be used to make browsing easier for average joe q. public, meanwhile identifying every user out on the web... really sneaky...
Re:well (Score:3, Insightful)
Re:Yahoo's going strong (Score:5, Insightful)
Re:Good idea, bad implementation (Score:3, Insightful)
Bad idea, implementation irrelevant. (Score:5, Insightful)
Bad idea, implementation irrelevant.
Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virtual avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.
> Small sites who would benefit from such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
I'm lucky in that I've got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.
But even if I didn't... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.
Only Microsoft stuff is widely used (Score:3, Insightful)
(Xbox Live's case is a little more complicated, but it does use Passport at its core.)
Melissa
Just goes to show... (Score:4, Insightful)
Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.
Hubris, thy name is Microsoft (Score:5, Insightful)
1) with their record of bad faith toward their own customers and their ongoing security lapses, most knowledgeable end users would not trust Microsoft to manage their personal information, and
2) with their record of bad faith toward their own business partners and their ongoing security lapses, online retailers wouldn't relish the extra burden of sending a monthly tithe to Microsoft.
Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you. They know as well as anyone that the commoditization of operating systems and productivity software is underway and they won't be able to maintain their margins forever. If they don't find a cash cow soon they'll be forced to (horrors!) make less money.
One account for EVERYTHING... no thanks! (Score:5, Insightful)
It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.
Hmm... GoogleLogins anyone? (Score:3, Insightful)
Anyway, the idea of a simple username+passport system for the 99% of websites where we care about security "a little" does exist. I think Passport was overengineered. I suspect that most people will NEVER trust their bank passwords to the same system that holds their Slashdot passwords. Without that level of security, a lot of the engineering and compliance testing and associated costs aren't necessary.
I would imagine that "all" that's needed is a big database, some public key system, and a client-side tool to fill in the login forms. It's not THAT tricky.
I'm imagining someone like Google being able to offer this with relative ease. The GoogleToolbar can handle the client-side for automatic logins, or each site can provide an alternate manual login form. Google can easily handle the distributed database and web services stuff. And the free publicity would be excellent - a lot of smaller sites already have Google Logos for their site search, adding one on the login forms is probably reasonable.
Re:I actually used it (Score:2, Insightful)
You don't need to use a hotmail.com or msn.com email address to get a Passport. Any email address will work.
Bad idea anyway. (Score:4, Insightful)
If I did, I would want it to be my computer.
If I didn't want it to be my computer, I wouldn't want it to be on a computer I had to pay for.
And even if I were willing to pay for the inconvenience of having someone else be in control of my passwords, I wouldn't want that person to be Microsoft.
Passport was based on a flawed premise:
The reason we don't provide personal information to every site that asks for it isn't because it's too hard to type it in.
-- Should you believe authority without question?
Re:Edging into oblivion? (Score:5, Insightful)
Re:nope (Score:3, Insightful)
Even if they did push for something like that do you really expect MS to follow their own standards?
Re:May I be the first to say... (Score:2, Insightful)
Re:nope (Score:2, Insightful)
That was actually EXACTLY the goals of Windows XP, its integration with the
Be happy it failed. Be happy that users saw it for the privacy nightmare it was, and be happy that companies saw it for the information grab it was.
Re:Bad idea, implementation irrelevant. (Score:3, Insightful)
This would have worked for about 30 minutes before someone would have modified a worm to spy on the smartcard-reading-process.
Re:Bad idea, implementation irrelevant. (Score:3, Insightful)
Password managers are a pretty ideal solution. People tend to have a super-secret password for their bank account and crap passwords for noisy boards. My browser does a good job at storing them.
This is a solution looking for a problem more than anything.
They are bad (Score:2, Insightful)
it's all about holding valuable keys (Score:1, Insightful)
This, and the new MS push for signed code as a way of supposedly achieving security (as on the XBox) is all about one thing: MS wants to find a way to own some really important crypto keys. If they own private keys that MUST be used in order for the world to continue functioning, then they get huge amounts of free money with little effort.
For example, take the XBox. To run code on it, you have to have your code signed by Microsoft. For this, they have a private key (whose matching public key every XBox knows). Now they control access to the platform, and if anyone at all wants to sell software that runs on the platform, they must go through Microsoft. And there will be a "small" fee for getting Microsoft to evaluate your code, determine it really is safe, and sign it (or issue a certificate that allows you to sign your own code). Just a nominal fee, not really huge, just enough to make all the people at Microsoft filthy rich.
So, Microsoft is already doing this on the XBox, and their plan is (I think) to spread this wider and wider. Passport failed, but XBox works, and they will at some point try to add this to Windows under the guise of better security (even though it's not -- the XBox has proven that one exploit that allows you to run arbitrary code lets you circumvent the whole system). The goal is to control authentication "on behalf" of other programs, because then you can force everyone who writes any software for the platform to give you money. (All the better if MS can use the RIAA's and MPAA's fears to get them to lobby to restrict individuals' rights to run arbitrary code on their computers.)
sol'n: EMAIL/IM passwords for each login (Score:2, Insightful)
why?
the only common communication channel on the internet is email and -a bit less so- IM.
e.g.: each time you sign on to a site you can get a different password for each time you log in via email or IM.
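A sketch of the per-login password idea in the last comment, added here as an illustration and not part of the original thread: a fresh code is issued for each sign-in, only its hash is kept, and it expires, is single-use, and tolerates a limited number of guesses. The class name, the 5-minute lifetime, the 5-attempt limit and the sample address are assumptions; delivery over email or IM is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for one code
MAX_ATTEMPTS = 5        # assumed guess limit per issued code


class OneTimeLoginCodes:
    """Hypothetical issuer of a fresh, single-use login code per sign-in."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # address -> [sha256(code), expires_at, attempts_left]
        self._pending = {}

    def issue(self, address):
        # 10 random digits from the OS CSPRNG; a new request
        # replaces any code issued earlier for the same address.
        code = f"{secrets.randbelow(10**10):010d}"
        digest = hashlib.sha256(code.encode()).digest()
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[address] = [digest, expires_at, MAX_ATTEMPTS]
        # The caller sends this over email/IM; only the hash is stored.
        return code

    def verify(self, address, submitted):
        entry = self._pending.get(address)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[address]  # expired or guessed too often
            return False
        entry[2] -= 1  # count this attempt before comparing
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time compare
            del self._pending[address]  # single use: a replay fails
            return True
        return False
```

The login is then only as strong as the mailbox or IM account the code is sent to, which becomes the single credential for every site that uses the scheme.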