Slashdot Mirror


Microsoft Defends Passport To Privacy Group

securitas writes: "CNET reports that Microsoft is defending Passport as safe and secure in a presentation to the Center for Democracy and Technology. Other organizations such as the Electronic Privacy Information Center, Junkbusters and even the U.S. government may be lobbied by MS this week to fend off a Federal Trade Commission complaint filed by 15 consumer and privacy groups that charges unfair and deceptive practices."

33 of 250 comments

  1. One password, multiple accounts, low security by Ghoser777 · · Score: 4, Informative

    This says it all:

    "One of Passport's greatest security weaknesses may be the single sign-on process, analysts said. The single point of entry could also be a single point of failure. Since the ID is always an e-mail address, someone looking to break into an account might easily obtain half the information needed to do so."

    Because people usually don't pick very secure passwords, it's better to have multiple passwords so that an eavesdropper or other malicious person can't crack into all your accounts. U of I just made people intentionally set all their 3 or 4 passwords instead of just giving them one that applied to all 4 (although most people tend to choose the same password for all their online services anyway).

    Also, because Passport's trying to incorporate a lot of information in one place that used to be distributed in many different places, if someone hacks into Passport, there goes all your privacy.

    F-bacher

    --
    James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
    1. Re:One password, multiple accounts, low security by sfe_software · · Score: 5, Insightful

      If I'm not mistaken, it's worse than that.

      Scenario 1: User always uses the same login/password everywhere they go.

      If you obtained that username and password, you'd be able to log into any service *that you know they use*. You would not be able to log into any random service unless that user happened to have been there before.

      Scenario 2: Passport.

      If you obtain their Passport login and password, you could log into services *the user has never logged into before*. I'll admit I don't know much about how Passport works, but it seems that you'd be able to use their credit cards and other personal information at any Passport-enabled site...

      So even though users may choose non-secure passwords and use the same info at many sites, you still would have to know what services the user has signed up with. Passport eliminates that obstacle.

      --
      NGWave - Fast Sound Editor for Windows
    2. Re:One password, multiple accounts, low security by Kierthos · · Score: 3, Insightful

      And of course, when it does get hacked (I'm sorry, we're talking about M$ here, someone will hack it just because of that) and J. Random User ends up with thousands of $ worth of porn site use, or eBay charges, or whatever, what will be the reaction from M$?

      A service pack? Abject denial?

      It's simple... if you're providing an online service, you need to supply the best protection possible to your clients. And there is no indication that M$ has the slightest clue on how to do this.

      Kierthos

      --
      Mr. Hu is not a ninja.
    3. Re:One password, multiple accounts, low security by vsync64 · · Score: 3, Interesting
      Keyring for PalmOS. This thing is perfect. Set up an account, generate a new random password. Then I look up the password the first few times I need to access the account (it helps that my Visor is always either on the desk or clipped to my belt). After that, it's burned into my brain.

      The funny thing is, I don't know if it uses some kind of mnemonic algorithm like VMS's password generator does, but I find the generated passwords to be very rhythmic and easy to remember. I'd give an example of my favorite, but then I'd have to change my credit card password :P. Of course, it may just be something peculiar about how my mind works; I've always found it very easy to remember arbitrary number sequences when they are used frequently in my daily life (phone numbers, IBM PC color codes, &c)

      --
      TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
    4. Re:One password, multiple accounts, low security by Rogerborg · · Score: 3, Funny

      Yup, I just got me postmaster@fbi.gov and postmaster@usdoj.gov (all of the system_accounts@microsoft.com have already gone). I bet we can think of a few more good ones for when they start spamming their victims and/or sending out the "Nobody panic, but there is a tiny chance that your account may have been compromised..." shrieks.

      --
      If you were blocking sigs, you wouldn't have to read this.
  2. security and privacy a difficult issue by Proud+Geek · · Score: 5, Insightful

    Passport is definitely an easier solution for consumers than any alternative yet presented. Having all your information stored in one central location is definitely better than having all your information stored all over the place. Microsoft also has a lot more motivation and resources to protect it than Joe Random Vendor.

    The problem is that they haven't had any success protecting it anyway. To be completely fair, neither has anyone else. The other difficulty is that although I would trust MS rather than JRV to protect my data, the necessity of distribution and interaction opens up a whole new class of security holes that no one has even thought of before.

    The unfortunate truth is that right now the only way to protect your privacy online is not to give out any information, and that Passport will do exactly nothing to remedy this situation.

    --

    Even Slashdot wants to hide some things

    1. Re:security and privacy a difficult issue by kilgore_47 · · Score: 3, Insightful

      Having all your information stored in one central location is definitely better than having all your information stored all over the place.

      I disagree.
      Just because I am truthful when entering my age on one site doesn't mean I want to be on another site. If both ask for my age, and both use passport, I'd have to use two passport accounts to achieve my age-deception! And that defeats the whole purpose.

      Age is just a trivial example. What info (and how much info) most people give out varies greatly between sites. How does it benefit me, the end user, to have all my info in one place? I can remember passwords, so that one-password argument is no good.

      And, even if I wanted one place for all my info, M$ would be the last company I would want to administer it.

      --
      ___
      The way to see by faith is to shut the eye of reason. --Ben Franklin
    2. Re:security and privacy a difficult issue by jonnosan · · Score: 5, Informative

      If you have a look at the passport SDK, you'll see that the affiliated sites don't have direct access to any of the user's data.

      A site that wants to use Passport for SSO generates an URL that redirects to the passport website. Then the user logs in, and passport redirects back to the original site. The original site can then access the authenticated username, but that's it.

      When the site wants to get some data from the user, say the user's age or address, they don't query passport directly. What they do is redirect back to passport, passport generates a form with the values prefilled in. Then the user can edit those values, or just click submit, and the values are posted back to the original site.

      So as a user you still get full control over what data a site you visit has. And you can tell a particular site info that is different to what is stored in passport. But it does save you typing in the same old boring gumpf into site after site.
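
A minimal model of the redirect flow described in the comment above, as an added example that is not Passport SDK code and not part of the original post. The thread does not say how the return redirect is protected, so the signed, expiring redirect and the return-URL check are assumptions, as are all hostnames, keys, accounts and field names.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data: every hostname, key, account and field is hypothetical.
SITE_KEYS = {"shop": b"constructed-demo-key"}             # per-site shared secret (assumption)
RETURN_URLS = {"shop": "https://shop.example/signed-in"}  # return address registered per site


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)


USERS = {"alice@example.org": {"pw": _pw_hash("constructed-password"),
                               "profile": {"age": "34", "city": "Springfield"}}}


def _sig(site_id, user, exp):
    msg = f"{site_id}|{user}|{exp}".encode()
    return hmac.new(SITE_KEYS[site_id], msg, hashlib.sha256).hexdigest()


def site_login_url(site_id):
    """Step 1: the partner site redirects the browser to the sign-on service."""
    query = urlencode({"site_id": site_id, "return_url": RETURN_URLS[site_id]})
    return "https://signon.example/login?" + query


def service_sign_in(login_url, email, password, now):
    """Step 2: the service checks the password and redirects back to the site.
    The redirect carries the username only, never profile data."""
    q = parse_qs(urlsplit(login_url).query)
    site_id = q.get("site_id", [""])[0]
    return_url = q.get("return_url", [""])[0]
    if site_id not in RETURN_URLS or RETURN_URLS[site_id] != return_url:
        raise ValueError("return_url is not registered for this site")
    account = USERS.get(email)
    if account is None or not hmac.compare_digest(account["pw"], _pw_hash(password)):
        raise PermissionError("sign-in failed")
    exp = now + 300  # assumption: the redirect is valid for five minutes
    params = {"user": email, "exp": exp, "sig": _sig(site_id, email, exp)}
    return return_url + "?" + urlencode(params)


def site_handle_return(site_id, url, now):
    """Step 3: the site verifies the redirect and learns the username, nothing else."""
    q = parse_qs(urlsplit(url).query)
    try:
        user, exp, sig = q["user"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None
    expected = _sig(site_id, user, exp)
    if now > exp or not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return user


def service_prefill_form(email, requested_fields):
    """Step 4: for profile data the site redirects to the service again, which
    shows the signed-in user a form prefilled from the stored profile."""
    profile = USERS[email]["profile"]
    return {field: profile.get(field, "") for field in requested_fields}


def user_submits(form, edits=None, withhold=()):
    """Step 5: the user may change or blank any value before the browser posts
    the form to the site. The site sees only this posted result."""
    posted = dict(form)
    posted.update(edits or {})
    for field in withhold:
        posted[field] = ""
    return posted


if __name__ == "__main__":
    back = service_sign_in(site_login_url("shop"), "alice@example.org",
                           "constructed-password", now=1000)
    print(site_handle_return("shop", back, now=1100))
    form = service_prefill_form("alice@example.org", ["age", "city"])
    print(user_submits(form, edits={"age": "21"}, withhold=["city"]))
```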

    3. Re:security and privacy a difficult issue by howardjeremy · · Score: 3, Informative

      When the site wants to get some data from the user, say the user's age or address, they don't query passport directly. What they do is redirect back to passport, passport generates a form with the values prefilled in. Then the user can edit those values, or just click submit, and the values are posted back to the original site.

      Or you can just use the very cool (and free) RoboForm which sits in your toolbar and auto-fills forms that pop up in your browser (there are other form-fillers around but I haven't tried them).

      This kind of software doesn't require you to submit your personal information to a centralised authority (it's stored on your PC), and you can keep multiple 'identities' and choose which to use to fill in a form. I keep 'complete', 'partial', and 'anonymous' identities which I use to decide how much (and how truthful) information I want to give to a site.

  3. Selective paranoids by frleong · · Score: 4, Insightful

    So these privacy groups get worried about Microsoft's Passport leaking information when the biggest leaks of personal info are from fallen dotcoms and stupid e-commerce web sites? People, when you are paranoid, at least be paranoid to everybody, not just to Microsoft.

    1. Re:Selective paranoids by kilgore_47 · · Score: 5, Insightful

      So these privacy groups get worried about Microsoft's Passport leaking information when the biggest leaks of personal info are from fallen dotcoms and stupid e-commerce web sites? People, when you are paranoid, at least be paranoid to everybody, not just to Microsoft.

      "fallen" dotcoms are, by definition, no longer in business. Complaining about them won't do any good. Microsoft, on the other hand, is very much in business. Their passport service has a bad track record. There is no indication that Microsoft has made any major changes in response to the barrage of criticism it has received. It's growing, and in the future you will undoubtedly see more sites where a passport login is required for certain features. That is why it's important to be paranoid about this threat now.

      --
      ___
      The way to see by faith is to shut the eye of reason. --Ben Franklin
  4. Re:Passport - Great idea, iffy implementation. by demaria · · Score: 3, Funny

    Yep Verisign.

    Because web certificate authentication is so wonderful as it is today. :-)

  5. Well, they *have* made concessions before by alewando · · Score: 5, Informative

    Just last month, Microsoft changed the service agreement for their passport system to require only an email address and password to sign up. Did Microsoft do this without any armtwisting? No. Did they do it, though? Yes.

    Just keep the pressure on them up. They're going to go ahead with some sort of service no matter what, but the amount of opposition they face now will determine how many of these concessions will be made "voluntarily". That way, even if the FTC doesn't come down with a favorable ruling, we won't be completely left out in the cold.

    Incidentally, msnbc also has some coverage. A disinterested and impartial news source if there ever were one... or not, as it were.

  6. Re:Hmm.. by kilgore_47 · · Score: 3, Insightful

    I don't know about many other people, but I don't think too many people would have an e-mail account on a service such as Passport if it was going to contain highly sensitive material. I use services like this as "spam e-mails" so that I can sign up for things that require an e-mail address (but some websites won't even let you sign up with an e-mail like Passport or Hotmail, anyways).

    Sure, my current passport account is filled with bogus info and is mostly used for hotmail and sometimes msn communities. But the idea is that the passport login will be required for more legit/official uses such as the MSN HomeAdvisor, financial sites, and maybe even ecommerce. Sites that you'd ordinarily give real info to will soon be using passport. And that sucks.

    --
    ___
    The way to see by faith is to shut the eye of reason. --Ben Franklin
  7. Only trust those you can physically get to by Mandelbrute · · Score: 3, Insightful
    If you are going to trust a business enough to allow it to have access to your finances, then it should be a business that you can physically reach, so that if something goes seriously wrong you can call the police in your own country or go bang on their door yourself without getting a visa. If nameless employee #6363666 gets up to a bit of embezzlement, and they are in another country, it's likely that you'll never see the money again and the offender will never get extradited.


    "I'm calling at international rates from Outthebackofstan, I've been on hold for three hours, and why don't you ^%#$%#^ read your email?"
    "Oh, I'm sorry, you have the wrong department, this is the Pacific USA only support line. Please dial this number again in another eleven hours and the people supporting your region will be here. Have a nice day" (To co-worker: "Another commie towelhead") click."

  8. some sites _refuse_ passport users... by bergeron76 · · Score: 3, Interesting

    Like this one. They won't allow users to use Passport authentication to buy their goods, and they posted info about why. What better way to prevent users from using MSPassport, than to send consumers mixed signals about being able to use it.

    --
    Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
  9. Passport EULA and Privacy Policy by dragons_flight · · Score: 4, Informative

    For those that are interested here are links to the:

    Passport EULA

    Passport Privacy Policy

    1. Re:Passport EULA and Privacy Policy by dragons_flight · · Score: 3

      Wow, spread your legs a little wider karma whore. I'm going to log back into my real account and mod this down into oblivion.

      You may not believe it, and I don't care, but I posted these after I went looking for them, BECAUSE I wanted to know what they said. It's pretty arrogant to sit here and argue about MS privacy and security issues in Passport, if you don't even know what information MS wants from people or how they intend to use it. I could have posted a summary, but I was too busy thinking about other things, and it didn't seem necessary.

  10. I'd hate to have that job. by nougatmachine · · Score: 5, Funny
    Just imagine being the poor sap trying to defend Passport to privacy groups:

    Privacy advocate: "So, you are trying to set yourself up as the one definitive source for our personal information online. Let's talk about your record: Hotmail backdoors, Code Red, Melissa, IIS, and Kournikova, among others, are horrible things which have been influenced by your poor implementations of products. And you want to have even more power?"

    Microsoft PR guy: "Try to think of those as valuable lessons we have learned to make Passport more secure..."

  11. great idea, but not for /valuable/ passwords; ENUM by bcrowell · · Score: 3, Insightful
    The whole thing is a great idea, but only for less valuable passwords. I'd love to have a service like Passport to keep track of all my passwords for mailing lists, etc. I'd even use it for online businesses that have my credit card info, since the credit card company cancels the charges in cases of fraud.

    But no way would I use a single password for important stuff. And there's the problem: MS obviously wants to force you to use it for /everything/. So then you can have your whole identity stolen by the first criminal who watches over your shoulder while you type in your password.


    It's also scary to ponder that next they'd probably force you to use it with ENUM, a new scheme we're going to have shoved down our throats, which involves linking the DNS database to the database of phone numbers.

  12. Aggregation is a bigger concern by coyote-san · · Score: 5, Interesting

    Information leaking from one site is annoying, esp. if it's something like a credit card number, but it's nothing compared to aggregated information being leaked.

    As a silly example, let's say you buy rat poison. No big thing, people buy it all the time.

    Let's say you buy a book about "perfect murders... and how they were caught." No big deal, people buy true crime books all the time.

    Now let's say you recently bought a bunch of lingerie. And had it delivered. But not to your home address. You're having an affair, sleazy, but not unheard of.

    Now finally let's toss in the fact that you just consulted a lawyer. A divorce lawyer. One who specializes in breaking prenuptial agreements.

    Suddenly things are much more interesting.

    Most of us aren't planning to murder our spouse, or even to look like we're thinking about it. But it's certainly possible for mindless data aggregation to cause people to jump to the wrong conclusion. E.g., you bought a couple books on alcoholism, and a few cases of wine? You obviously have a problem, don't you. (Nope, the wine is a gift to newlyweds and the book is to help me understand if my nephew needs help.) Etc and so forth.

    Even with all of this information centralized with Microsoft (and make no mistake that the Passport/Hailstorm system will not collect this information), my biggest concern isn't that it will be leaked. My concern is that it will have bogus information fed into it. There's a nice market opportunity for nasty companies to put bad information into these records, then offer to clean it up for you. For a modest price, of course. All of the potential damage of a credit report, but with none of the legal safeguards.

    Of course, that same problem exists today with the aggregated data provided by credit card companies, but again it isn't a *single* point of failure. Even if you crack Citibank (still the largest CC issuer?), it does nothing about the hundreds of millions of people who don't have Citibank cards. But crack Hailstorm and you'll have information on almost everyone online.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
    1. Re:Aggregation is a bigger concern by Rogerborg · · Score: 3, Interesting
      • But crack Hailstorm and you'll have information on almost everyone online.

      But not on me or thee, I assume. So, why do we care? Let the Microserfs sign up and get raped, let M$ take the flak, then once the principle is in place, we develop an open source (security through transparency) alternative and (here's the good bit) lobby for a consortium of Big Businesses to get together and themselves lobby for the gubmint (any gubmint, heck, pick a sensible one that everybody likes like New Zealand) to take it and administrate it.

      --
      If you were blocking sigs, you wouldn't have to read this.
  13. great idea(l)s by seanw · · Score: 4, Insightful

    this is such a classic microsoft-ism: thinking up a really good idea, and totally fucking up the implementation ([d]com, ole, activex, etc).

    what I can't figure out is why this company, which is supposedly on the brink of launching this massive, multi-tiered platform that is .NET has shackled it to possibly the worst authentication possible.

    I mean, come on, the username/password combo was maybe reasonable in the days when everyone had exactly one shell account. but today when everyone is expected to remember a user/pass combo for every one of a dozen or so websites they want to log into, the weakness of this paradigm has hit pretty hard. simply put: people can't remember them all, which means they either write them down lots of places (pretty damn insecure) or use the same username/password for each account (even worse).

    and MS has made THIS the lynchpin of their security model?

    why couldn't MS use some of their much vaunted "monopoly power" to "leverage" an authentication system that actually matched the sophistication of the rest of .NET?

    my suggestion: the medium which most people are accustomed to carrying that is intimately tied to their financial and personal data is the credit card. my MS "Passport" could be a physical smartcard that held authentication data, encryption keys...hell, anything. each copy of XP (and each bundled OEM copy) would include a small USB device that could read this card, maybe that was designed to mount onto the side of the monitor so it would stay out of the way.

    YES this would be a major move, and it would stir things up a little. but when it is clearly called for, WHY NOT? people would just carry another little card in their wallet, the reader device would be small and dirt cheap (in that volume, most anything is) and in a year we would forget what we did without them. we have calling cards, and credit cards, and ATM cards...where is my computer card?

    in any case, tying their much-heralded .NET platform to the username/password "security system" is about as intelligent as locking your car with duct tape, and will probably be about as effective.

  14. Single Point of Failure, but needed... by tshak · · Score: 3, Insightful

    Passport, or a similar concept, is still needed. Customers want it. If a user has to have 10 different logins, they may:

    1. Use the same password on all 10 anyway

    2. Use grossly easy passwords so that they can remember them

    3. A combo of 1 and 2.

    With a Passport-like concept, there's only one account to remember. Maybe then consumers will find it reasonable to memorize a secure password. Either way, a centralized system is needed for identification. As a web developer for 5+ years, customers don't want to fill out the same crap each time they visit a site, and if they could just type in their passport info to authorize access to certain private information, they'd do it. Now, it's up to us to come do the social and technological engineering to make this happen safely, and securely.

    --

    There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
    1. Re:Single Point of Failure, but needed... by jcr · · Score: 3, Interesting

      >Either way, a centralized system is needed for identification.

      Um, NO.

      In fact, HELL NO.

      Apple's got something called the "Key Ring", which keeps all of your passwords in a strongly-encrypted file, on your OWN machine.

      Not only that, every time an app (such as a web browser) wants one of your passwords, the Keyring, NOT the app, ASKS you if it can release it. (This is subject to a user preference, of course.)

      You get the benefit of single sign-on (i.e., you only need to remember the passphrase to your keyring), and you can also use *truly* random passwords on all of the sites/services out there. If your login is B1378gHz##/74u9%z, it's a whole lot less likely to fall to a dictionary attack.

      Single sign-on is a good idea. MicroSquish passport is just about the worst way I can think of to implement it.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    2. Re:Single Point of Failure, but needed... by Chris+McLaren · · Score: 3, Insightful

      I agree that a password store/person profile store is very useful... but why does it have to be online?

      Why couldn't you store the required info in an (encrypted) store on your machine and use that to answer the types of requests you are talking about. Same result to the end user without having all this information in some remote store.

      You could go further and set the system to automatically answer requests in some cases (perhaps in cases where the site has a P3P policy meeting certain conditions, etc.) and you could have every response be part of a digitally signed package that provided a "paper-trail" of exactly what you shared with that site and what purpose they claimed they would use it for.

      Much better solution, without MS holding all my data.

      --
      "in the marionette's eyes
      glimpse the nature of the wire"
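
A sketch of the locally held store proposed in the two comments above: a per-field consent prompt as in the keyring comment, automatic answers when a site's policy qualifies, and a tamper-evident trail of what was shared. This is an added example, not code from either poster or from any product named in the thread. It substitutes an HMAC chain under a local key for the "digitally signed package", leaves encryption at rest out of scope, and every class, field and site name in it is hypothetical.

```python
import hashlib
import hmac
import json


class LocalProfileStore:
    """Profile data kept on the user's own machine (hypothetical design)."""

    def __init__(self, profile, receipt_key, auto_release):
        self.profile = dict(profile)
        self._key = receipt_key                # never leaves the local machine
        self.auto_release = set(auto_release)  # fields that may be sent without a prompt
        self.receipts = []

    def _mac(self, body):
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def answer(self, site, fields, purpose, policy_ok, ask_user, when):
        """Return the values to send to `site` and record a receipt.

        policy_ok: whether the site's declared policy met the user's conditions
                   (evaluating a real P3P policy is outside this example).
        ask_user:  callback(site, field) -> bool, the consent prompt.
        """
        released = {}
        for field in fields:
            if field not in self.profile:
                continue
            # Auto-answer only pre-approved fields for qualifying sites; otherwise prompt.
            if (policy_ok and field in self.auto_release) or ask_user(site, field):
                released[field] = self.profile[field]
        body = {"site": site, "purpose": purpose, "when": when,
                "released": dict(released),
                "prev": self.receipts[-1]["mac"] if self.receipts else ""}
        # Each receipt's MAC covers the previous MAC, so edits and deletions show up.
        self.receipts.append({"body": body, "mac": self._mac(body)})
        return released

    def verify_trail(self):
        """Recompute the chain; False if any receipt was altered, removed or reordered."""
        prev = ""
        for receipt in self.receipts:
            if receipt["body"]["prev"] != prev:
                return False
            if not hmac.compare_digest(receipt["mac"], self._mac(receipt["body"])):
                return False
            prev = receipt["mac"]
        return True


def demo():
    # Constructed profile, key and site names.
    store = LocalProfileStore(
        {"email": "alice@example.org", "age": "34", "card": "0000-constructed"},
        receipt_key=b"constructed-local-key", auto_release={"email"})
    prompts = []

    def ask(site, field):
        prompts.append((site, field))
        return field == "age"   # the user approves age, declines the card number

    sent_a = store.answer("news.example", ["email", "age", "card"],
                          "newsletter", True, ask, when=1000)
    sent_b = store.answer("ads.example", ["email"],
                          "marketing", False, lambda s, f: False, when=1001)
    return store, sent_a, sent_b, prompts


if __name__ == "__main__":
    store, sent_a, sent_b, prompts = demo()
    print(sent_a, sent_b, prompts, store.verify_trail())
```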
  15. I will NEVER trust passport... by Kazymyr · · Score: 3, Informative

    ...unless they specifically address the bullying issues they have towards the consumer.

    I used to have a Hotmail account, for several years (even before they were bought by MS). I was only logging in every 3-4 months, mostly to keep it active, because it wasn't my main email address.

    One day I found in it a message informing me that I had been automatically issued a passport. Without my consent. They had just taken the info in my hotmail registration and created a passport for me, without asking my permission. I got very angry, and asked that the "passport" be removed, because I didn't want it. The reply was "it cannot be removed, once you got one, you're stuck with it forever". It seems that, by logging into my hotmail account after they had sent me the info, I had "automatically given them permission to activate the passport". But nowhere on the login page was there any information about this!

    I eventually let the hotmail account expire, but AFAIK the passport account they crammed down my throat is still there. There is no option to delete it.

    --
    I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
  16. Misconstruing Passport by sheldon · · Score: 5, Informative

    When you sign-in to Passport there are two checkboxes...

    One says 'Sign me on Automatically'. If you check this, a cookie is stored that remembers to authenticate you from then on.

    If you don't check this box (which is the default condition), then a cookie is created and stored which remembers your username. But the authentication information is stored as a session cookie which disappears when you close the browser.

    There is a second checkbox. It says 'I'm using a public computer'. This stores a session cookie on your machine for both the username and authentication.

    Once you have closed the browser, the session cookie is gone and you no longer authenticate automatically, nor is your username auto entered for you.

    So while I understand your concern, Microsoft has provided two checkboxes which alleviate this concern. Neither checkbox is on by default which means the default behavior is to remember your username only.

    If you have a better solution to this problem, I'm sure we'd all appreciate hearing about it.

    BTW, the paper you linked to has much better explanations of problems Passport might have than what you wrote about. Man in the middle type attacks that involve redirecting DNS, etc.

  17. Multiple passwords are *not* more secure by Anonymous+Brave+Guy · · Score: 5, Insightful
    Because people usually don't pick very secure passwords, it's better to have multiple passwords so that an eavesdropper or other malicious person can't crack into all your accounts.

    Unfortunately, that's just not true. Usability research has shown certain facts about passwords again and again. In particular, as soon as you start forcing users to remember several passwords, they immediately start using obvious and easy to remember passwords, or writing them down in a readily accessible location. Clearly, this does not improve security.

    Having a single sign-in, with a single, genuinely cryptic ID and password, is far more secure than twenty different authentication schemes for different facilities. Of course you rely on the keeper of that information to keep your data in a trustworthy fashion, but you have that problem anyway. At least with a single secure sign-in the average five year old can't guess everyone's ludicrously simple password.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    1. Re:Multiple passwords are *not* more secure by Anonymous+Brave+Guy · · Score: 5, Insightful
      Ah yes. Usability research, the great curse of the 21st century rears its ugly head again.
      And why pray tell,should we take anything that involves people stupid enough to dump hot coffee or tea in their laps seriously?

      Good usability research involves observing the people who are actually going to use your product, using your product. If those people are stupid enough to dump your hot drinks on themselves, you need to design a product that stops them doing it. What you don't need to do is complain that they are stupid.

      This is the point. If you're designing a product, whatever it may be, and you want to sell it to a particular market, then your personal opinion on what that market should do is totally irrelevant. Your preconceived ideas about how they should behave are totally irrelevant. You have to watch what they do do and how they do behave, and adjust your product accordingly. If you don't, your product will not be a success, and all the ego in the world won't change that.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  18. Hmm, what are the alternatives? by magi · · Score: 3, Insightful

    I guess there must be dozens of distributed alternatives to this centralized Passport system. It would be interesting to find a nice short overview about them.

    I think a nice solution would be a kind of "PassPouch", based on public-key crypto, etc. A pouch would contain arbitrary number of passwords. To authenticate a user, a service would need your pouch password to open the pouch, and then use its site-password to authenticate a security cookie in the pouch. Well, something like this. You could have multiple pouches, and a pouch could be stored in your personal computer, or in any "PouchServer", based on for example LDAP. There probably already are such systems, but I haven't noticed any so far (I don't know much about the topic).

  19. Re:Passport - Great idea, iffy implementation. by quartz · · Score: 3, Insightful

    Nobody's saying it should be "crushed at all costs". I simply won't use it. And neither will, probably, all those who don't like the idea. For me at least, it's a little difficult to trust Microsoft with my personal data when I don't even trust them enough to have any of their software installed on my computers. It's not an emotional or religious issue: I just can't trust them.

  20. Regarding several comments... by mindstrm · · Score: 3, Insightful

    Firstly, those who say that it's GOOD to have centralized authentication like this, because people tend to be sloppy with their passwords, etc.

    Okay. On a small scale, it might make sense. This is not a small scale. This is microsoft. The Internet was not built so one company could control it; it's independent. MS is doing this to corner the e-commerce market. I don't want to let them do that. They are already free to compete fairly with everyone else.

    Regarding the comment about Windows XP product activation containing a GUID (which should scare everyone). I refuse to buy a product that requires me to 'authorize' its use with the company I bought it from. It's wrong. I paid for it, like a product, at the store. It's mine to use. I should not in any way have to deal anymore with the creator unless I choose to.

    Regarding Passport in general... using it for hotmail? MSN messenger? Fine. That's great. But let's not get carried away. I won't give MS my financial information, ever.