Forgot your password?
typodupeerror
Microsoft Privacy The Internet

Microsoft Loses Passport 271

Posted by michael
from the apply-at-consulate-for-new-one dept.
nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."
This discussion has been archived. No new comments can be posted.

Microsoft Loses Passport

Comments Filter:
  • by AlexTheBeast (809587) on Friday December 31, 2004 @11:34AM (#11227841)
    Nobody believes that Microsoft focuses on security. Nobody.

    That is the reason that the passport system failed. The general computer using public is not
    really tech-knowledgable... however, they do know that credit card numbers are to be protected.

    (Of course, they don't realize that all of this spyware s!ht they have installed could
    grab their numbers just as easily.)

    Hopefully, Microsoft will turn off [tech-recipes.com]
    that damn reminder balloon now.
    • by turnstyle (588788) on Friday December 31, 2004 @11:41AM (#11227898) Homepage
      "Nobody believes that Microsoft focuses on security. Nobody. That is the reason that the passport system failed. The general computer using public is not really tech-knowledgable."

      Your logic kind of cancels itself out. You are correct that the bulk of the public isn't tech-knowledgable -- and so I'd say that it's safe to say that they didn't avoid Microsoft's Passport for security reasons.

      (after all, do they avoid Microsoft's OSes for security reasons?)

      Passport mostly failed because those masses didn't "get it" and didn't care to.

      • by Foofoobar (318279) on Friday December 31, 2004 @12:27PM (#11228165)
        Actually there are multiple reasons why the public didn't get it and it boils down to the public and the industry avoiding it because of the following:

        1. monopoly - nobody wants to give all their id's to one company to control

        2. lack of understanding - why do I need one company to have my login and password to use on all these sites when I, Joe Average, already use the same login and password on all these sites?

        3. security - Seriously, would you trust them with your login, pass, personal info and credit card information when they have had such a flawless run on security?

        Because of one of those three things (or a combination thereof), it failed. These are (oddly enough) the same stumbling blocks that continue to stump them with all product releases. In some ways, it would have been in Microsoft's best interest's to split the company either via the courts or themselves; in that sense, the baggage of the company would not follow every product. By splitting the company, the could effectively put a new face behind each branch and each child company would have a chance to remarket themselves and their products.

        On a negative, this would make it so that they would then have to compete more fairly in an open market and thus would cost them a share. It's give and take and right now no matter how you cut it microsoft loses.
        • 2. lack of understanding - why do I need one company to have my login and password to use on all these sites when I, Joe Average, already use the same login and password on all these sites?

          I think this covers about 95% of all arguments which don't include the pure ignorance of Passport.
          Joe Average User doesn't even know that he has with registering to MSN Messenger or Hotmail a kind of universal login which also works for eBay and other Passport affiliated sites. So he chooses j.a.user everytime he has to

        • Actually I don't think it was lack of consumer interest that did it. Most consumers would just accept it as the way they have to log in to their favourite sites if it was there. No, the reason was that Microsoft intended it to be an internet wide standard, but never actually persuaded more than 50 web-sites to use it. It was the web-site owners who couldn't see the benefit and/or didn't trust Microsoft and/or didn't see why they should pay for it.
      • nobody "got it" because they were trying to replace a service that worked just fine with another system that was more complicated. It was more complicated because you have to deal with a totally different website just to log into the website you want, and that's frustrating for people.
    • by totallygeek (263191) <sellis@totallygeek.com> on Friday December 31, 2004 @11:41AM (#11227900) Homepage
      Nobody believes that Microsoft focuses on security. Nobody.


      They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.


      The problem is age-old though. Viruses and Trojans [totallygeek.com] would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.

      • Viruses & trojans & root kits would exist without microsoft.

        of course you would have more than 48 hours between the time a bug is found, and when the exploit starts working around the Net.

        Also the patches would come out as fast as the exploits are noticed. You also would have responsible programers, and the Apps that breaks are the ones that gets fixed, unlike Windows were if your game doesn't work anymore, MSFT just patches around so that the game works again.

      • >Viruses and Trojans would seemingly not exist without Microsoft.

        What does the link have to do with the subject?

        And viruses and trojans have existed before MS and the will long after. Its a computer systems issue not an MS one.
      • The link in your post has absolutely nothing to do with anything.

        Either way, viruses would still exist without Microsoft. The only reason that there are so many for Windows is because of its widespread use.
        • The link in your [the OP's] post has absolutely nothing to do with anything.

          Sure it does. Note the parent's UID and the home page. It was just a little bit o' Astroturfing, that's all.

          Without clicking, however, I'd wager that you were right. ;)
    • I have to wonder how concerned people are about losing their credit card info. My numbers have gotten out a few times, and it's little more than an inconvience of sending a letter to the credit card company. Banks these days partly compete on how quickly they'll "make it right" if you are the victim of fraud.
    • by krbvroc1 (725200) on Friday December 31, 2004 @11:53AM (#11227979)
      Nobody believes that Microsoft focuses on security. Nobody.

      I don't think it is just security - it is lack of trust on several levels.

      Personally,

      1) I do not trust Microsoft with my information

      2) I do not that Passport really added any value. From a privacy point of view, I could just as easily maintain multiple passwords on multiple sites with a password manager program - I use Roboform under both IE and Firefox.

      3) Companies did not want to hand over an important function of their business to a third party with little gain. Little value is added by letting a third party control this, yet it can provide huge leverage for MS in the future. I forget which year it was, but I recall Bill Gates saying that MS wanted to get a slice of every online transaction.

      4) I did not trust that the technology between the website and MS was safe. Some pages seemed to be unencrypted, etc. There did not seem to be any security guidelines required of sites that are Passport enableed - maybe there is, but it seemed lacking to me.

      5) I do not trust 'Privacy Policies' - companies can change them whenever they want and in certain instances (like TSA / Airlines) claim that the policies aren't binding, just PR. For me the best Privacy Policy is to not give out the data to the middleman in the first place.
      • 3) Companies did not want to hand over an important function of their business to a third party with little gain.

        Huh? It's just outsourcing your basic account management. Lots of companies outsource stuff for many different reasons. The idea is you also get a ubiquitous UI so it's easy and reassuring for anyone who wants to use it - that has value too.
    • by jcr (53032)
      I'd say that Passport's failure has much more to do with web sites realizing that Passport really didn't offer them much, and cost them quite a bit.

      -jcr
      • You're exactly right. All these people talking about security don't get it. There was no user base for passport, so sites aren't going to bother with it, and if sites don't require it people are never going to sign up. It's one more thing to remember when you have to use your credit card for other sites anyway. It's not that people cared a lot about security--they just didn't care at all about that sort of thing. MS may have underdedicated resources to marketing it, or tried to charge too much for it, makin
    • I turned it off that baloon by using Spybot Search & Destroy. It has some handy tools in the Advanced mode, so you can disable start-up crap. There's no reason to manually go into the registry to do that anymore.
    • by hugesmile (587771) on Friday December 31, 2004 @12:24PM (#11228149)
      A friend of mine - yeah, that's it.. a friend - runs a website that has a registration process, whereby people create their own accounts and passwords. To my amazement (my friend tells me that...) the vast majority of users sign up and provide an email address and password that is obviously the same password used elsewhere around the internet. With this password, my friend can easily retrieve / delete people's email, access some paypal accounts, and sign into other common services around the net.

      Good thing my friend is ethical! I can't emphasize enough - USE A DIFFRENT PASSWORD FOR EACH WEBSITE, such that no DB Admin from one site can guess your other passwords!

      • On that same theme, a message for web site admins: don't store plaintext passwords in your database! You should be storing a hash of the password, and never be able to guess somebody's password just because they have an account on your site.
      • I do use the same user/pass combos for most of the sites I go to, mostly forums and things like that. But I have different combos for the important accounts. All my e-mail accounts and credit card/bank account sites have different ones, and the admin pass for my OS X computer is different too.
      • by Richy_T (111409) on Friday December 31, 2004 @01:26PM (#11228587) Homepage
        Your friend should be storing passwords with one-way encryption such that he couldn't tell what they are anyway. Anything else is just asking to be hacked, have the passwords stolen then be liable for all the mischief that gets caused.

        Rich
    • I'd amend your statement to read:

      Consumers don't believe the IT industry focuses on their security.

  • Passport's failure (Score:5, Insightful)

    by turnstyle (588788) on Friday December 31, 2004 @11:36AM (#11227854) Homepage
    I think "rival companies banded together to oppose it" was far less relevant than "consumers failed to embrace it"
    • by Kierthos (225954)
      I would tend to think that "Consumers didn't know it was there" would also be a major part of it. You can't "embrace" what you don't know about.

      Kierthos
    • Absolutely. I know a lot of people who told me that they thought it was a cool idea (this was obviously not recent) until I said, "You mean the same Microsoft that announces exploits in their operating systems on a weekly basis? You mean the Microsoft that had its Hotmail servers broken into a few times? Is that the Microsoft that you want to trust with your credit card numbers?"

      The most common reply was "Oh. I never thought of that."

      I don't know that I necessarily believe that Microsoft has never
    • Why do consumers need to embrace a service they do not know of (or care about) the internal workings of? Especially when they have no alternative.

      Most consumers don't care about how they login to a service, it's just a form for them to fill in. If the form changes because that site switched to using another form of authentication, they have no choice but to switch with it.
    • by DoctorHibbert (610548) on Friday December 31, 2004 @12:02PM (#11228036)
      My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.

      Maybe if they would have called WebId or something more descriptive it might have caught on.
      • Maybe if they would have called WebId or something more descriptive it might have caught on.

        Because that would have made it seem even less secure [theregister.co.uk].
      • by soft_guy (534437) on Friday December 31, 2004 @02:14PM (#11228893)
        y wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too

        I wouldn't laugh at her at all. Instead, laugh at the arrogant marketers at Microsoft that think they can take a noun with a very specific meaning and repurpose it (and probably trademark it too). Micorosoft products like "Word" "Windows" etc. are pretty poorly named IMHO, because Microsoft wants to avoid the expense of coming up with a real name.

  • by HawkinsD (267367) on Friday December 31, 2004 @11:37AM (#11227863)
    Thank God.

    I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.

    So I had to get two Passport accounts: one for secure things, like my MSDN account, and one for things that I didn't care who stole my password for.
    • by Dr. Evil (3501) on Friday December 31, 2004 @11:42AM (#11227908)

      Often the page is sent in the clear, but the submit action is an https link.

      Not that I think that such behaviour is good practice... just that it might very well have been encrypted.

    • I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.

      Huh? All logins are processed, AFAIK, are processed through passport.net on a secure page. The site you want to login to redirects you to a secure page on passport.net - with some branding from the original site - which redirects you back once you've logged it.
  • by Anonymous Coward on Friday December 31, 2004 @11:39AM (#11227881)
    /tinfoil hat on

    Microsoft will embrace the Libery Alliance's Passport service. Windows users will embrace it too because it will be ported into the kernel.

    Few years later, Microsoft will modify the protocol to extend it, adding their own proprietary features. Windows users have no choice but to embrace it.

    Microsoft will then lock out competitors from using their new version of Passport. They might even patent parts of it. In the end they will end up dominating the Passport buisness anyways.

    /tinfoil hat off
  • by Seabass55 (472183) on Friday December 31, 2004 @11:40AM (#11227882) Homepage
    "would stop trying to persuade Web sites"

    Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess
    • would stop trying to persuade Web sites

      in Microsoft Monopoly Speak - MMS (TM), really means "will consider a pause in their relentless assault, using their normal ordinance of bullying tactics"

      The normal ordinance includes: discounts on volume software, initiation of free services to smother the competitor, buy the competitor, make sure the competitors product 'breaks for no reason' on IE, guido the leg breaker, a legion of attorneys, concrete blocks, having clippy threaten to make them sleep with the phi

    • Homer agrees to sell his computer company to Bill Gates.

      "OK boys, "buy them out""

      His thugs smash things.

      "What, you think I got rich by giving people money?"
      • Homer:(to Gates) I reluctantly accept your proposal!
        Gates: Well everyone always does. Buy 'em out, boys!

        Bill Gates companions begin to trash the "office".

        Homer: Hey, what the hell's going on!
        Gates:Oh, I didn't get rich by writing a lot of checks!

        Bill Gates lets out a maniacal laugh. Homer and Marge cower in the corner as the room continues to be trashed.
    • I don't mean to troll, and maybe this was a typo, but the ditty I heard on the Simspons really worked for me.

      To the theme of the army march cadence a la "I don't know but I've been told, the Parthenon is mighty old...." . "S-u-c-c-e-s-s, that is how you spell success" I haven't screwed up that word since.
    • "would stop trying to persuade Web sites"

      Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess


      You mean like they did when they threatened some of their largest customers with much higher licensing costs when they were considering deploying Netscape instead of Internet Exploder (as detailed in the anti-trust court records)?

  • by p0 (740290) on Friday December 31, 2004 @11:40AM (#11227883)
    Microsoft will still use Passport for MSN services like Hotmail.
  • Ebay (Score:5, Interesting)

    by ViolentGreen (704134) on Friday December 31, 2004 @11:41AM (#11227893)
    Perhaps Ebay's decision to drop it [yahoo.com] was the final straw.
  • by munehiro (63206) on Friday December 31, 2004 @11:44AM (#11227914) Journal
    Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?

    There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.
    • Well, if the sole purpose of the Liberty Alliance was to kill Passport (as opposed to actually providing a competitive technology) then the Alliance will probably disband. The reasons for Passport's failure are legion, but lack of trust in Microsoft probably isn't the primary one. I'd say it was a solution trying desperately to find a problem. Even if Passport were provided by a corporation with the public's complete confidence (I can't name one offhand), Passport didn't serve a particularly useful purpose
    • Yes, according to their web site [projectliberty.org] they are. And the Internet2 community (mainly universities) is developing a way for its users to interact anonymously with online sites that require an identity. It's called Shibboleth [internet2.edu] . The weak spot in "Shib" is that it relies on the university's LDAP server to determine your status, but the identity that goes out across the net is regenerated for each new use and is short-lived. This wouldn't work for purchases, but it can define you as a legitimate subscriber to a servic

    • Liberty Alliance has been going through some transition among the senior ranks. It seems that the large consumer-oriented financial-services company that drove a lot of the initial buzz is taking some baby-steps away from the initiative. There seems to be some surprise that uptake for the L/A standards seems to be slow. Also, the vendors producing Liberty toolsets (including the open source ones) aren't maturing all that well. L/A does not truly mandate anything deeper than a fairly obvious and simplistic
  • Not surprising (Score:5, Interesting)

    by PhlegmMaster (596165) on Friday December 31, 2004 @11:44AM (#11227915)
    They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).

    Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
    Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
    Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.

    At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)
    • Re:Not surprising (Score:2, Informative)

      by ian13550 (697991)
      Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
      Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.


      Wow -- you really haven't been paying attention. Passport was AUTHENTICATION only (WHO you are) and not AUTHROIZATION (what you can ACCESS). Partner sites could always control what Passport users had access to.

      Also, there is a very real need for this type of technology. Case in
    • Besides, there's no push for ... customers to want it.... Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.

      I dunno about this... I'd sooner have a single login for the most part. First, I don't exactly think that auto complete is either secure or praticle. I have 4 machines in my home alone that I access the internet with and what if I'm using a public terminal? Atleast with a universal login I
  • by phaln (579585) on Friday December 31, 2004 @11:45AM (#11227930) Homepage
    When Microsoft continued to leave "security" off its list of "necessary items" to follow up on for years, they pretty much shot any hopes of controlling a unified authentication system out the door.

    Nobody takes them seriously as far as security goes. Just reading the headlines for a day would make that abundantly clear.

    Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.
  • by ThinkTiM (532164) on Friday December 31, 2004 @11:46AM (#11227932)
    a public/private key scheme where public registrars keep your key. You keep your list of credit cards and identities on YOUR own devices. You then send encrypted information containing your credit card or identity in an industry standard packet of encyrpted information along with a link to the registrar.
    • how about te java ibutton it can be encrypted in the button, then when you need to communicate it the java ibutton simply encrypt it with the current session key after validating your user pin that was sent to it. secure from one end to the other and if you break one session key you can not break any other as they are all differnt.

      this has been around for a really long time. I demoed this back in 1998 at a Java conference when they were giving away rings with the java ibutton embedded in them.

      I still hav
  • by nurb432 (527695) on Friday December 31, 2004 @11:46AM (#11227934) Homepage Journal
    They will be back. They have the time and the funds to punt on this..

    But they are not done...Total domination takes time.. They learned that lesson with java and the web in general...
  • So whats next? (Score:2, Interesting)

    by v0idnull (707821)
    So really, whats next? If anything, the world would benefit from some simplification in identification. I'd feel more comfortable with one company or government knowing my details, then 20/30 companies and various different governments knowing my details. Mind you, Passport sucked. But thats no excuse to not try to do something better.
  • Noble cause (Score:5, Insightful)

    by confusion (14388) on Friday December 31, 2004 @11:52AM (#11227971) Homepage
    The idea behind passport, at least partly, was a good idea in making the internet a little more consistant and easier to use for the herds of everyday people. The big problem is that when a company like MS forges a solution, its going to have strings attached and a financial motivation to pressure companies to do things they don't want to do.

    I still think the idea is valid, but the implementation and execution, in true MS form, left a lot to be desired.

  • ms money (Score:2, Interesting)

    by Anonymous Coward
    Maybe MS Money 2005 won't force you to use passport. I'm still using MS Money 2001 for this reason.
    • Maybe MS Money 2005 won't force you to use passport. I'm still using MS Money 2001 for this reason.

      No, I think it does. I suspect they're using it so they can cut off your access to the MSN financial feeds after however-many years you get. You can get a demo from Microsoft and try it if you want.

      But Money *2004* definitely has a no-Passport 'I don't need to use online features' option.
  • by Yaa 101 (664725) on Friday December 31, 2004 @12:06PM (#11228060) Journal
    Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.
    Imagine the work you need to pick up the pieces, this after all the work you need to make sure that the theft's impact remains small...

    People that buy in on a single net identity are not so smart it seems...
    • Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.

      But can you remember them *all*? Or do you write them down somewhere, making a different single point of failure?

      Most people just use the same set of passwords anyway. If you got hold of Amazon's passwords you'd probably have access to a huge number of eBay accounts, for example. It all comes down to convenience, and if the single point of failure is well secured and well administe
  • Newsflash! (Score:5, Funny)

    by Foofoobar (318279) on Friday December 31, 2004 @12:18PM (#11228115)
    Innovation isn't really innovation if no one wants it but you.
  • Misconceptions (Score:5, Informative)

    by RupW (515653) * on Friday December 31, 2004 @12:19PM (#11228118)
    The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."

    • Passport does not store your credit-card details any more. You had to opt in to passport's Wallet service to do this. Microsoft discontinued Wallet a long time ago.
    • You do not have to provide any personal details to Passport. If you do, you can refuse Passport permission to pass them on to other sites. In this case, all the end sites get is your 64-bit user ID.
    • End sites cannot store information in your Passport account. The API is one way only. To alter the details in your Passport you have to go to passport.net
    • Passport is a trusted third-party for authentication. You don't log into any passport-enabled site directly; they redirect you to a secure page on passport.net (often with some source-site branding) and Passport redirects you back to them once you've logged in.
    • Passport absolutely DOES NOT "store your passwords". A few people said this in the eBay story's comments (!). Come on people, we're supposed to be tech-savvy here.

    I'm almost sorry to see it go - it was a usable, simple to integrate single-sign-on with a big name, money and a fair critical mass behind it. Shame the entry price was so high.
    • Re:Misconceptions (Score:5, Insightful)

      by s7uar7 (746699) on Friday December 31, 2004 @12:26PM (#11228163) Homepage
      Coupled with the cost, that 2nd point will be the reason there was such a low take-up by 3rd party sites. Companies use your registration details for far more than just letting you in to the site - giving demographics to advertisers for example. If they're going to allow logins from clients with no details, they may as well do away with the registration all together.
  • by mr. marbles (19251) on Friday December 31, 2004 @12:20PM (#11228130)
    To quote Nelson Muntz from The Simpsons "HA-HA!"
  • by bec1948 (845104) on Friday December 31, 2004 @12:53PM (#11228382) Homepage

    The real action is in federation and the ability of identity management systems to share trusts. Sure, it would be convenient if we didn't have to worry about the dozens of passwords we require for web sites we visit, including Slashdot. But that's a mere inconvenience compared to the issues faced by large organizations attempting to communicate together at an application level of trust.

    There are many instances where two or more organizations would like to allow individual humans ,software programs, and devices to communicate once they've been properly identified as 'authenticated' on each other's systems, but the costs of determining which of these entities have that appropriate authorization is too high for the recipient organizations. It's difficult enough to ensure that one's own people/programs have appropriate authorizations and privledges.

    Sharing information on each of the potentially millions of instances requiring authentication becomes prohibitively complex and costly. Just managing a directory system that contained 1/4 million employees and a million other internal objects is a huge undertaking. Adding even a fraction of that number of directory objects from dozens of other entities is a burden unlikely to be acceptable.

    Enter Federation. My organization trusts these individuals with the set of priviledges that our two organizations have agreed upon as apporpriate for our digital communications and my organization accepts the responsibility to maintain the integrity of our side of the connection. Our identity management system connects to yours and through the use of appropriate handshaking protocols (the federation part - over simplified, I know) demonstrates that trust exists and the communication can occur.

    Now instead of maintaining a directory of millions of outside entities etc., we need only maintain a directory record for each approved communcations process.

    These issues cross so many disciplines and technologies from e-mail and IM, to SOA and more, that federated trusts becomes necesary if the process is to work at all. Further discussion of this topic belongs, and probably already exists, in a another thread.

  • by SilentChris (452960) on Friday December 31, 2004 @12:56PM (#11228401) Homepage
    You know, I keep reading that no one trusted Passport because of Microsoft's history of security. I know that's one reason I didn't (my only Passport account hooks up with Hotmail and Xbox Live) but let me ask you this:

    Would you go for a universal authentication system if it was run by Apple? How about if open source folks developed a system aside from Sun's and tried to market that? I wouldn't.

    There's nothing inherently more secure about having my passwords stored on a single server out there than the current system, and, quite frankly, there's not much more convience in it.

    The only "true" solution I could see for universal passwords is something akin to Keychain on Apple, or, to a lesser extent, saved passwords in Windows. Something that would store all passwords locally, encrypted, and would allow the user to use one login. Match that up with, say, a biometric recognition scheme, and I'd be all for it.
  • by BlueTooth (102363) on Friday December 31, 2004 @01:22PM (#11228559) Homepage
    A lot of people focus on the issues of passport as trusting Microsoft issues. While we here might feel that way, the world at large either does trust Microsoft, or doesn't care / know any better. However, and I don't know if my experiences were common, every time I tried to use passport, it would fail to log me into the site claiming to support it! I would invariably get stuck in a forwarding loop and never get authenticated...every year or so I would get an opertunity to try the login again, every year I thought, "they probably got the kinks out by now" and every year, it didn't work.
  • Uh...shouldn't it be "Microsoft Looses Passport"? ;)
  • Passport, shmashport (Score:2, Interesting)

    by oldfox (799873)
    It was a poor design and like the Soviet Union once the central plan didn't comport with reality, it had to die on the ash heap of history. The idiot MSN Groups is what killed it for me. If you have multiple identities, multiple email addresses, and different ones are joined to different groups, you can't remember which identity is to which group. The idiot MSN implementation sends you emails from the group but doesn't show you the email address that the message is being sent to--your own email address.
  • by terryfunk (60752) on Friday December 31, 2004 @02:02PM (#11228822)
    More and more, all of MS's 'innovations' are tanking. Passport, Active Directory, Xbox, MSN 'google' search engine, IE, recently acquired AV software and the list goes on and on, not only were NOT innovative, they actually purchased the technology. See: [http://www.vcnet.com/bms/departments/catalog/cata log.shtml]

    They then embraced and extend the technology they purchased.

    Of course one of the worst purchases was PassPort.
    ugh!!! Good riddance......
    • What a stupid post, even for Slashdot...

      * Passport - Yep, you got that one right. It tanked not because it was a bad idea, but because it was executed horribly bad. Be that as it may, your right, it failed. You are 1 for 1.

      * Active Directory - Not even close to a failure. No, it's not the basis for every network as I'm sure they wanted, but it is used, and used with great success generally, in MS shops around the world. You can hate it, you can say some people have trouble with it, you can point out
  • by Cloud K (125581) on Friday December 31, 2004 @02:11PM (#11228874)
    People don't like being nagged, and when nagged many have a tendency to do the opposite.

    Myself, my father, my mother all had to go through the same thing. "Please create a passport" "OK, wtf is a passport and why do I want it?" *click* (lots of marketing mumbo jumbo that Joe Average has to make an effort to read (a big no-no). *click "later" or whatever*

    Next reboot "Please create a passport!!11one!" - at this point you start to get mildly irritated. "I told you last time - now if I find I have the need for a Passport I'll come get one! Go away!"

    Next reboot "Please create a passport OR ELSE!!!" - now you start to get pissed off. Stop nagging, I hate things that nag especially computers, go-the-heck-away. Now you make a conscious effort to *avoid* learning about Passport. This is where MS go wrong. What they should have done is made it so that you *want* to learn about Passport - not so that you hate it so much before you even know what it does that you never want to see it again.

    Next reboot - "Your desktop is untidy. Clean it up please" - at this point you either a) Bend over and do what it says, b) Go to a tech tip site and learn how to turn *off* all the stupid naggy things that try to tell you want to do, c) Format and install Linux or d) Put the Dell in the bin and buy a Mac.

    I seriously hope when Longhorn comes out they look at some of the simple Human-Computer Interaction guidelines like "don't try to make the computer (sorry I forgot the word... androsomething... where it acts like a human)" and "don't nag". Nagging = bad impression of product.
  • by reallocate (142797) on Friday December 31, 2004 @02:47PM (#11229074)
    >> Microsoft is abandoning one of its most controversial attempts to dominate the Internet...

    While I don't that that Microsoft or any other business would dearly love to dominate the Internet, I never got the impression that Passport was anything more than a thinly veiled branding effort intende to drive traffic to sites that had done deals with MS. The whole thing was premised on the now-understood-to-be-wrong assumption that logging on to different sites was going to present an insurmountable hurdle for people. (It hasn't; everyone just uses the same damn ID and password for everything.)

    Remember, the Internet is just a network. What counts is the content. If you wanna dominate the Internet. dominate its content.
  • by melted (227442) on Friday December 31, 2004 @02:59PM (#11229121) Homepage
    A protocol built into browsers that would allow the site to request passwords from your local cache automatically and securely. This should confirm the identity of the site. Passwords should never travel over the wire. Hashes should go over the wire strongly encrypted.

    The benefits are:
    a. You only enter your password once. After this _browser_ asks you if you want the site to log you in automatically.
    b. This won't cost the web site using the service a dime to implement (if it's GPL/open source).
    c. This will decentralize password storage.
    d. This will force web sites to use encryption when doing authentication.
    e. This will prevent spoofing.
    f. This will probably be a lot more effective at killing Passport than posting on Slashdot.

    So there you have it, crypto gurus. Now go write a server piece and a toolbar/firefox plugin for it.
  • by MilenCent (219397) <johnwh.gmail@com> on Friday December 31, 2004 @07:00PM (#11230745) Homepage
    Take note: Microsoft lost one, and it was not a small one.

    We tend to discount it now because it's been a couple of years, and Passport's decline has been long and slow, but we were all scared, once, of Passport and what it might mean for the web, with Microsoft's marketing might behind it, with managers' inflated opinion of MS and tendency to give them a pass to do whatever the hell they wanted with their computers.

    There's a tendency to view Microsoft as an unstoppable juggernaut, and this opinion is somewhat self-fulfilling. We percieve them as unstoppable, so why bother trying to resist? They may have the occaisional Microsoft Bob, after all, but... look at Windows!

    Microsoft loses more battles than you'd think, that's my only point.

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...