Friday, December 31, 2004

Microsoft Stops Pushing Passport as Universal Web Login

The Passport system, used by Microsoft to authenticate users in their Hotmail and MSN instant messenger technologies, is no longer being pushed as an authentication tool for on-line transactions at non-Microsoft websites. According to an article on The Seattle Times, E-Bay and Monster.com have stopped using Passport to authenticate users on their systems. This is excellent news, as having a proprietary system implemented as an Internet standard would be a terrible blow to the freedom and security of the existing systems. Imagine having to wait another month for the next roll-out of security patches from Microsoft (or any other vendor) before you could make any "safe" online transactions.

The importance of having open standards that are available for auditing by the public and professionals who are not worried about how much they are going to make from the success or failure of the system they are auditing is of extreme importance when considering the security and privacy of financial information. We, as consumers and security professionals, must take a stand against proprietary standards and push for open standards that are not subject to a profit margin and investors who only care about how their bank account grows.

No comments: