Slashdot Mirror


Microsoft Defends Passport To Privacy Group

securitas writes: "CNET reports that Microsoft is defending Passport as safe and secure in a presentation to the Center for Democracy and Technology. Other organizations such as the Electronic Privacy Information Center, Junkbusters and even the U.S. government may be lobbied by MS this week to fend off a Federal Trade Commission complaint filed by 15 consumer and privacy groups that charges unfair and deceptive practices."

5 of 250 comments

  1. security and privacy a difficult issue by Proud Geek · Score: 5, Insightful

    Passport is definitely an easier solution for consumers than any alternative yet presented. Having all your information stored in one central location is definitely better than having all your information stored all over the place. Microsoft also has a lot more motivation and resources to protect it than Joe Random Vendor.

    The problem is that they haven't had any success protecting it anyway. To be completely fair, neither has anyone else. The other difficulty is that although I would trust MS rather than JRV to protect my data, the necessity of distribution and interaction opens up a whole new class of security holes that no one has even thought of before.

    The unfortunate truth is that right now the only way to protect your privacy online is not to give out any information, and that Passport will do exactly nothing to remedy this situation.

    --

    Even Slashdot wants to hide some things

  2. Re:Selective paranoids by kilgore_47 · Score: 5, Insightful

    So these privacy groups get worried about Microsoft's Passport leaking information when the biggest leaks of personal info are from fallen dotcoms and stupid e-commerce web sites? People, when you are paranoid, at least be paranoid to everybody, not just to Microsoft.

    "fallen" dotcoms are, by definition, no longer in business. Complaining about them won't do any good. Microsoft, on the other hand, is very much in business. Their Passport service has a bad track record. There is no indication that Microsoft has made any major changes in response to the barrage of criticism it has received. It's growing, and in the future you will undoubtedly see more sites where a Passport login is required for certain features. That is why it's important to be paranoid about this threat now.

    --
    ___
    The way to see by faith is to shut the eye of reason. --Ben Franklin
  3. Re:One password, multiple accounts, low security by sfe_software · Score: 5, Insightful

    If I'm not mistaken, it's worse than that.

    Scenario 1: User always uses the same login/password everywhere they go.

    If you obtained that username and password, you'd be able to log into any service *that you know they use*. You would not be able to log into any random service unless that user happened to have been there before.

    Scenario 2: Passport.

    If you obtain their Passport login and password, you could log into services *the user has never logged into before*. I'll admit I don't know much about how Passport works, but it seems that you'd be able to use their credit cards and other personal information at any Passport-enabled site...

    So even though users may choose non-secure passwords and use the same info at many sites, you still would have to know what services the user has signed up with. Passport eliminates that obstacle.

    --
    NGWave - Fast Sound Editor for Windows
  4. Multiple passwords are *not* more secure by Anonymous Brave Guy · Score: 5, Insightful
    Because people usually don't pick very secure passwords, it's better to have multiple passwords so that an eavesdropper or other malicious person can't crack into all your accounts.

    Unfortunately, that's just not true. Usability research has shown certain facts about passwords again and again. In particular, as soon as you start forcing users to remember several passwords, they immediately start using obvious and easy to remember passwords, or writing them down in a readily accessible location. Clearly, this does not improve security.

    Having a single sign-in, with a single, genuinely cryptic ID and password, is far more secure than twenty different authentication schemes for different facilities. Of course you rely on the keeper of that information to keep your data in a trustworthy fashion, but you have that problem anyway. At least with a single secure sign-in the average five year old can't guess everyone's ludicrously simple password.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:Multiple passwords are *not* more secure by Anonymous Brave Guy · Score: 5, Insightful
      Ah yes. Usability research, the great curse of the 21st century rears its ugly head again.
      And why, pray tell, should we take anything that involves people stupid enough to dump hot coffee or tea in their laps seriously?

      Good usability research involves observing the people who are actually going to use your product, using your product. If those people are stupid enough to dump your hot drinks on themselves, you need to design a product that stops them doing it. What you don't need to do is complain that they are stupid.

      This is the point. If you're designing a product, whatever it may be, and you want to sell it to a particular market, then your personal opinion on what that market should do is totally irrelevant. Your preconceived ideas about how they should behave are totally irrelevant. You have to watch what they do do and how they do behave, and adjust your product accordingly. If you don't, your product will not be a success, and all the ego in the world won't change that.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.