Slashdot Mirror
eBay Retires MS Passport Sign-In
fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"
On one hand its cool if you forget your ID, because you use the site infreqeuently... On the other hand do you trust Microsoft that much?!
All editors at the slashdot camp are sporting wood right now pending this wonderful M$ news!
Did I miss something? Was Microsoft's single sign-on vision ever in danger of becoming main stream?
Is Microsoft's Single Sign-On vision edging towards oblivion?
It's been dead for a while, people are still cleaning up the carcus.
Michalangelo Progr
enough said...
As a Webmkaster, I would like to have some simple authentication solution, so that the users dont have to register in forums and what not to post. However, the implementation is just unacceptable:
Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
That should be http://en.wikipedia.org/wiki/Microsoft_.NET_Passpo rt
tourettes
Why bother to sign in to passport when each user will only run windows longhorn, and each user will have their own account, and the current active account can be queried by the website via some new fancy secure API initiative that will be in longhorn... thus forcing everyone to have to run longhorn in order to do so much as use ebay or amazon...
;)
or perhaps I am suffering from wearing a tinfoil hat too much... but I think I might be on to something... replace passport with something directly tied to windows that users have no choice in, since their machines have unique ID's, as do their accounts... they will not be able to be anonymous on the web, and said info will be used to make browsing easier for average joe q. public, meanwhile identifying every user out on the web... really sneaky...
---
Programming is like sex... Make one mistake and support it the rest of your life.
I've said it before... Yahoo has done single sign in, and they've done it well without being abusive. Why MSN couldn't compete, I have no idea (since I never used their stuff). With Yahoo, it's all tied together relatively seamlessly, with extra security when you go to buy stuff. But with one sign in, you can get customized mail (of course), weather, financial info, news, message boards (Yahoo Groups), bookmarks, etc, etc, etc. So it's not that it can't be done and done well.
I don't respond to AC's.
6 months after MS Passport was introduced on eBay I started using it. I gave up using it 3 months later after missing numerous sales due to passport authentication fscking up and logging me in moments after the bid deadline ended
Eventually, I got a new login and walked away from one with 20 favourable reviews on it thanks to that damned system. Hope it fries in hell.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
I read that as 'requires' instead of 'retires' and gleefully clicked on read more to see the frothing at the mouth that I assumed every single post would contain. What a disappointment.
Only other place i have seen that used it was Asheron's Call games.
.net passports even though i have several. Ebay already knows everything...why bother with passport.
Those are currently being transfered to the developers in-house system.
In a couple months that use will be gone too.
What does that leaving using it? Hotmail?
I never even linked my ebay to one of my
Nice idea but only handy if it filled out everything for you on lots of sites, which i dont think i'd like the idea of anyway.
When it arrives, single sign-on is going to have to come with some bill of rights for users...I don't see MS providing any level of transparency.
The .NET Passport service offers streamlined sign-in at a wide range of Web sites and services that are soley owned by Microsoft.
We have discontinued our Site Directory because nobody really trusts us and few people really care, but you'll know when you can use your Passport to make sign-in easier and the marketing data more easily collected. Just look for the .NET Passport Sign In button! We have one at least. You can use the Passport account you created to get us to stop bothering you about it after your Windows or Microsoft Office install process. One day, the powerful Passport login will give you exclusive access to Security Patches, Updates and Service Packs.
Why not get used to it now?
US Democracy:The best person for the job (among These pre-selected choices...)
What is this E-bay?
Microsoft's Passport sign-on was never a single-entry system, even within Microsoft's sites. Not long ago they started requiring a Passport account to post to the MS support newsgroups, so I reactivated an old Hotmail account. Surprise! Logging on to Passport thru their newsgroups did not get me into Hotmail; I had to enter the Passport account and password individually for each system, whether I entered them sequentially or simultaneously thru two browser windows.
As usual, Microsoft paid as little attention to their proposed standard systems as the rest of the industry. (Remember, Windows Notepad didn't get the Ctrl-O and Ctrl-S shortcuts until Windows 2000, even though other MS programs had them in Windows 3.x.)
I figure by 2030 or so my 6-digit UID will be something to brag about.
Bad idea, implementation irrelevant.
Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virutal avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.
> Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
I've lucky in that got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.
But even if I didnt... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.
Passport does have a lot of users, but only for Microsoft stuff. MSN, Hotmail, and Xbox Live, all very popular, use Passport.
(Xbox Live's case is a little more complicated, but it does use Passport at its core.)
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
That .NET Passport signin broke for me the first time i used it with ebay and then i was unable to set up an ebay account for an entire month.
"all through my house i set up traps, it seems like the rats have a map, so now i feed the rats crack" - Donald D
Microsoft can trot out a list of companies participating in their latest 'innovation', but no matter how many companies sign up at the start, it really says nothing about the eventual likely success or failure of the system.
Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
Somehow Microsoft failed to consider that
1) with their record of bad faith toward their own customers and their ongoing security lapses, most knowledgeable end users would not trust Microsoft to manage their personal information, and
2) with their record of bad faith toward their own business partners and their ongoing security lapses, online retailers wouldn't relish the extra burden of sending a monthly tithe to Microsoft.
Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you. They know as well as anyone that the commoditization of operating systems and productivity software is underway and they won't be able to maintain their margins forever. If they don't find a cash cow soon they'll be forced to (horrors!) make less money.
I tried to use it multiple times. I'd be logged into MSN, MSN Messenger, reading hotmail, and in some new window (using IE, even) I'd try to log into eBay and, nope, same page, repeatedly, asking for the username and password.
I'd have liked for it to work, but I don't think anyone at eBay ever actually cared whether it worked.
I think some people are scared away because they believe that you need a hotmail-account to have a Passport. Not everybody want yet another useless, spam-filled webmail address.
The fact is that you can use your regular email with Passport, but I think alot of people believe these two services to be the same.
Maybe MS just need to relaunch the service. When it was created, Joe Average didn't have a gazillion different passwords. Things have changed since then.
I wrote a login/password script with no effort in less than an hour. The hardest part is getting an internet protocol compatible programming language, and actually writing your application.
What they were asking is like holding the door open for someone then asking for a hundred spot.
Passport not only had security flaws, but would be the biggest target ever imagined for phishing scams. Its funny too because the passport URL was so long that you didn't even see the www.microsoft part. You could have sent them to any site to login, and just kept their login and passport.
Microsoft failures are great for jokes.
God spoke to me
The thought of a single web-based logon for access to so many different entities kinda scares me... Especially once it spans across companies.
It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.
The Passport concept was, and still is good. I never gave MS's attempt a real chance, because I was annoyed of programs like MSN Messenger and XP Remote Assistance bugging/requiring me to get an account.
Anyway, the idea of a simple username+passport system for the 99% of websites where we care about security "a little" does exist. I think Passport was overengineered. I suspect that a most people will NEVER trust their bank passwords to the same system that holds their Slashdot passwords. Without that level of security, a lot of the engineering and compliance testing and associated costs aren't necessary.
I would imagine that "all" that's needed is a big database, some public key system, and a client-side tool to fill in the login forms. It's not THAT tricky.
I'm imagining someone like Google being able to offer this with relative ease. The GoogleToolbar can handle the client-side for automatic logins, or each site can provide an alternate manual login form. Google can easily handle the distributed database and web services stuff. And the free publicity would be excellent - a lot of smaller sites already have Google Logos for their site search, adding one on the login forms is probably reasonable.
Is Microsoft's Single Sign-On vision edging towards oblivion?
Yes, the MS single sign on is going away and here's why. Anyone from Redmond reading this, listen up.
Microsoft is not the Internet.
I know, I know it's hard to believe...but it's true. The online community is actually *much larger* than Microsoft's vision for it.
This is why "embrace and extend" (and then make incompatible) keeps failing as a strategy.
Weaselmancer
rediculous.
I hope not, I so liked the idea of having one login that if compromised would allow access to multiple sites for multiple micheiveous activities. This is why I used my
Please say it ain't so! How else can I be throroughly humiliated with just one account being cracked?
I don't want my password to be stored on a computer.
If I did, I would want it to be my computer.
If I didn't want it to be my computer, I wouldn't want it to be on a computer I had to pay for.
And even if I were willing to pay for the inconvience of having someone else be in control of my passwords, I wouldn't want that person to be Microsoft.
Passport was based on a flaw premise;
The reason we don't provide personal information to every site that asks for it isn't because it's too hard to type it in.
-- Should you believe authority without question?
Certainly looks like MS have had enough of .NET Passport... Mouseover the "How do I become a .NET Passport Site?" on the directory site and it shows "http://www.microsoft.com/net/services/passport", but click it and your redirected to "http://www.microsoft.com/NET/default.aspx" with not a mention of .NET Passport.
how about i let a convicted corporate crimminal hold all my personal information, including user name & password, creditcard names/expiration dates/account numbers...
does that sound like a good idea to you???
it would be a really really cold day in hell before i let the likes of a greedy corporation such as M$FT have any of my personal info...
...And it stinks.
.NET Passport enabled site?
I've got a Passport because of my MSDN subscripton, and it's the only reason why I've got Microsoft Instant Messenger running on my system. But, it NEVER WORKS-- IE is supposed to realize you're signed in with your passport, and let you right on through to subscriber downloads, but that never happens. Everytime, I'm forced to sign in, and then hit the "I Agree" button to the MSDN Subscriber Agreement each time, as if I'm signing in for the very first time, every time.
Sure, that might be lazy to not want to be hassled by those few key/mouse clicks, but if you're going to implement a feature and then require your subscribers to use that feature, at least make the feature work. After all, that was supposed to be the reason for Passport integration into XP, right? Just sign into Messenger, and then you'll be recognized at any
I don't moderate anymore. Karma penalty for 90% fair mods? Can I mod that unfair?
The ebay article doesn't give a reason for the retirement. Though lack of interest could be the obvious reason. There is also the possibility of ebay not wanting to link to their next major competitor. We all know that Bill get's up every morning and asks "W W W on the wall who is moving in on me owning it all?"
...film at eleven.
So, what's he going to do next? Build ShortHorn into every telephone?
Got time? Spend some of it coding or testing
The people at Microsoft are such bullies.. Now give me a bunch of points for being insightful or i'll beat the shit out of you. Now don't tell anyone we had this conversation
I'll let you guess at how much we told them was implemented or fixed...
17.3%? Too high?
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
email and IM; authenticate using them. this is happening already when you click "forgot password?" and the password is sent to your email. so, in effect your email password is like your only password. changing you email password is kind of like changing ALL your passwords.
why?
the only common communication channel on the internet is email and -a bit less so- IM.
eg.: each time you sign on to a site you can get a different password for each time you log in via email or IM.
--- widget evolution: enhanced, plus, super, ultra, extreme, exxxtreme, ultra-extreme,
When I saw this, I thought 'hang on, I can now register for an account!'. No, hang on, this makes sense...
Much of my office communicates using MSN Messenger. I don't like it but never mind... I had never signed up for an account because, with Passport around, I didn't want to provide them with the slightest additional encouragement and blip in their userbase statistics that might help persuade another site to join their unholy alliance. Now that possibility appears thoroughly dead, I can sign up for one in peace and be able to send quick messages to colleagues more efficiently than through e-mail.
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
proves that passport is so dead nobody even cares to flame it anymore! yaay!
"You never want a serious crisis to go to waste." - Rahm Emanuel
Once you understand how Passport works and would work in the future, it is so clearly a horrible idea that it is not funny. People often only think of it as a central repository for storing their passwords. Some like this idea for its convenience but the Passport model is so half-baked it is not even funny.
If you want to understand how a truly well-designed system will work, take a look at the Liberty Alliance. Instead of the central repository method, it uses a federated approach to the problem.
For example, if you have a bank account, a utility provider, and your employer, there is no need for those three entities to share all information about you. It should be up to you to define which information is shared, but you should only have to maintain it in one place.
If your employer knows your home address, why not allow this data to be shared automatically to the other entities? Don't want to? Then you don't have to. You employer may know your bank account number to deposit your salary. Your utility provider may know your bank account number to deduct your monthly bill. Why not tell your bank to share this information with your employer and utility provider? If you change your bank, then your new bank will automatically update this information.
Of course all of this has to be done in a secure way. But it is more likely that your bank will have secure connections to other entities than the layer where you inform those entities yourself.
Best of all, the approach from the Liberty Alliance does not leave one vendor with the master key. The keys are still with you, you just might give certain keys to some of your vendors.