Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analysis of Passport Flaws

Posted by ryuzaki0 on from the something-to-think-about dept.

An anonymous reader sent us an excellent (and technical) paper describing problems with Passport its not lame anti ms rhetoric, its actually a well written technical assesment of security problems with the unified login that passport aims to achieve. This is a good read.

1 of 174 comments (clear)

  1. Windows users by Cave+Dweller · · Score: 2, Troll

    "The bulk of Passport's flaws arise directly from its reliance on systems
    that are either not trustworthy (such as HTTP referrals and the DNS) or assume
    too much about user awareness (such as SSL). Another flaw arises out of
    interactions with a particular browser (Netscape). Passport's attempt to
    retrofit the complex process of single sign-on to fit the limitations of
    existing browser technology leads to compromises that create real risks."

    Do we really *need* Passport?