, 2005-01-10
Microsoft can save its ailing authentication service, but only by scaling back its expectations on what kinds of accounts Passport is fit to secure.
Stamping Passport
We do need ubiquitous, trusted centralized authentication services, but MS is not the vendor that can garner the requisite trust. Actually, no software vendor is.
The USPS tried to do this in the mid-90's, stepping up to the plate to certify public keys, but their implementation required use of snail mail and failed.
Verisign would love to provide this service, but it's going to be hard to get a few hundred million users to pay an annual fee to Verisign for a certificate.
Perhaps the credit card companies could succeed, as they already authenticate hundreds of millions of account holders.
Regardless of the provider, any single sign on that provides access to sensitive applications/data needs strong, cryptographically based authentication. We put up with on-line banking using ID/password over SSL, but I imagine most people attempt to use different passwords for each account, to limit the potential exposure of a compromised password. The single point of failure mentioned in the article is a really bad idea if it relies on passwords and authenticates banking applications.
Link to this comment: http://www.securityfocus.com/comments/columns/290/29896#29896