eBay drops Microsoft’s passport

[Red Squirrel]

http://sify.com/finance/equity/fullstory.php?id=13641288

Monday, 03 January , 2005, 08:06

Pune: With Monster.com, and eBay, dropping Microsoft's Passport and .NET services, the Redmond software major is learnt to be discontinuing what has widely been perceived as an attempt to dominate the Web services platform.

Monster Worldwide's job-hunting site, Monster.com, dropped Passport in October last year and the online auction site, eBay, recently announced that from late January this year, it would not allow members to sign in through Passport.

According to eBay, members using Passport will, henceforth, have to sign in directly. The auction site also announced that it would discontinue sending notifications through Microsoft's .NET alerts.

These developments are significant in the sense that, although Passport may not have brought many new customers to Microsoft products, it had been deemed by the company to be of strategic importance, by placing it in the middle of electronic transactions, essentially by keeping track of credit-card numbers and passwords as users surfed from one Web site to another. This enabled a hassle-free use of Web services based on user identity.

The initiative, however, ran into heavy weather soon after its launch, when a consortium of companies, comprising Sony, Sun Microsystems and Hewlett-Packard, formed the Liberty Alliance which issued guidelines for online customer-authentication services and supported rivals to Passport in developing more secure e-commerce applications.

In 2002, Microsoft was compelled by the US Federal Trade Commission to settle charges of privacy and security concerns relating to personal information of its users.

In May the following year, a bug in Passport security was reported.

The bug, according to technology-security experts, could have facilitated massive identity theft with an estimated 200 million users becoming vulnerable to the loss of critical data.

The bug had, in effect, enabled attackers to go around details such as users' country and city code before resetting the .NET password.

In fact, the well-known market research group, Gartner, advised businesses using Microsoft's Passport authentication service to abandon it. Gartner recommended that online retailers, credit outfits and financial institutions (and anyone using Passport for any "meaningful" business purpose) either immediately "break all Passport connections" or invest in "an additional, more secure form of authentication for all Passport identities."

Microsoft responded by saying that it did not have any evidence that accounts had been misused but acknowledged that a small number of accounts may have been breached.

It is understood that Microsoft has now decided to focus on building tools that can be used by other companies to create their own Internet programmes.

As a matter of fact, the company has been working with rivals to develop standards for Web services.

Meanwhile, with over 200 million users, Passport will continue to be the method for logging on to some Microsoft-owned services, including its free Hotmail e-mail service.

(more)

Archived topic from Anythingforums, old topic ID:1596, old post ID:21099