If you are anything like me, you've got dozens or even hundreds of accounts
spread all over the internet (and the planet, for that matter). Each account
has a different username and password combination, which adds up to one big
headache, trying to keep it all straight.
I am aware of security, so I tend to create a different username and
password for each and every account. This makes it impossible for a
malicious person to break into one account and thus get the information from
all of my accounts.
Most people do not go through this much trouble. In fact, most people simply
create all of their usernames as their own first and last name (perhaps with
a number to make it unique) and use very simple, and easily guessed,
passwords.
Microsoft has now come along and proposed a solution to this situation.
Well, proposed is not the right word - Microsoft is implementing a solution.
It's actually a key component of their.NET strategy.
What they are doing is creating a "passport", called "Microsoft passport",
which is more or less intended to become the standard way of gaining access
to objects and information on the internet.
The concept is very simple indeed. You merely create a passport account and
give it a unique username (your email address). You also give it a password.
>From that point forward, you can use the exact same username and password to
access anything which supports passports (everything on a Microsoft web
site, at the least).
So far this is no different than any other account identifier. For example,
on Yahoo you create a Yahoo ID, which can be used to access any feature
operated by that company. Excite has something similar as do many other web
sites.
What is different about passports is the intention to turn it into a
standard to access everything on the internet. Microsoft also intended to
use passports as a centerpiece to it's.NET initiative - passports will be
the focus of it's security model.
What's wrong with this picture? Conceptually, it is actually a good idea.
Passports have the capability to enforce a security standard across the
entire internet, and Microsoft has the muscle and staying power to make it
work. Lord knows it will be convenient to be able to log into hundreds of
different sites using the same username and password. This sure will make
life easier for a lot of people.
On the other hand, as demonstrated by the more than 45 security alerts
released by Microsoft in the first two-thirds of 2001, this company is not
well known for it's attention to security. In fact, Microsoft is directly
responsible for two of the worst security issues on the internet today: Code
Red and it's variants, and email worms such as Melissa and SirCam.
Steve Gibson, author of the fabulous website Grc.com, makes the following
comment:
"With a bit of horror, I learned that Microsoft's developers have no
understanding of security."
If that doesn't send a shiver down your spine, I don't know what will. Now,
do you really want these people to be in charge of the security of your bank
account, medical records and dozens or even hundreds of other records?
So what should you do? Personally, I am concerned about Microsoft's obvious
lack of security knowledge, and I do not want to trust them with my personal
data. Thus, I will not be using anything "protected" by passport, unless it
is absolutely necessary. I just have too many questions and concerns not
only about privacy, but about the safety of my personal information from
criminals, terrorists and other evil-doers.
To see a list of article available for reprint, you can send an
email to:
mailto:article-list@internet-tips.net'subjectsendarticlelist
or visit
http://internet-tips.net/requestarticles.htm
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net - Visit our website any time to
read over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.