eBay Retires MS Passport Sign-In

fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"

Edging into oblivion?

[douthitb]

Did I miss something? Was Microsoft's single sign-on vision ever in danger of becoming main stream?

Re:Edging into oblivion?

[killjoe]

Although MS has suffered from a lot of spectacular failures latelly, anything they do is in danger of becoming main stream. A monopoly on the desktop and office software is a tremendous weapon to wield against the rest of the world.

Re:Edging into oblivion?

[skrolle2]

I used to work on a similar system for another major portal business, although only for our own portfolio of websites, and we took this stuff really seriously for a while. When eBay joined, we were starting to get a bit scared, because if the passport thing had taken off, our business would have gone bye-bye.

The worst thing about Passport and the related .Net services was that MS intended not only to store a username and password, but store ALL user information. Participating sites would then have free access to the information they contributed to the system, but would have to pay for anything else. Also, using the entire .Net portfolio would have made it simple for web developers to build a system with a "secure" passport logon and user database, but VERY difficult to obtain control over their own data. Microsoft, on the other hand, would have complete access to all user data regardless of source. They could have become the gatekeeper, the only company with control over user data, and everyone else paying them for data mining rights in their own data. We should be VERY thankful that it didn't take off.

In retrospect, Microsoft made a bunch of mistakes:

1) The whole thing got muddled in the general confusion of .Net.

2) Most other web companies actually valued control of their user data more than ease of development.

3) No user demand for single sign-on, either because users don't care, or because they actually value their privacy and don't want different websites to share user data.

It's finally gone. Good riddance.

Good idea, bad implementation

[prostoalex]

The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

As a Webmkaster, I would like to have some simple authentication solution, so that the users dont have to register in forums and what not to post. However, the implementation is just unacceptable:

There are two fees for licensing Passport: a periodic compliance testing fee of $1,500 US and a yearly provisioning fee of $10,000 US. The provisioning fee is charged on a per-company basis.

Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.

Re:FYI

[tourettes]

That should be http://en.wikipedia.org/wiki/Microsoft_.NET_Passpo rt

Re:well

[superpulpsicle]

Man I had a .net account. I always frequently login. Out of the blues one day, my password just locked me out. I emailed the M$ support folks, and not a single person replied. My account was just gone basically, and no one gave a shit.

I actually used it

[CdBee]

6 months after MS Passport was introduced on eBay I started using it. I gave up using it 3 months later after missing numerous sales due to passport authentication fscking up and logging me in moments after the bid deadline ended

Eventually, I got a new login and walked away from one with 20 favourable reviews on it thanks to that damned system. Hope it fries in hell.

Re:I actually used it

[prostoalex]

Heh, yeah, that's true, Passport tends to lose your authentication cookie more often that a 3-year-old would lose his toys. You have financial losses, I would just get frustrated.

On top of that I used their hotmail account to register for the Passport, since that's their recommended option. I never use Hotmail for my daily webmail, in fact, the only message I have there is a thank-you for signing up. The bozos from hotmail kept threatening me with turning off the account, and they did execute their threats every 90 days. So unless I remember to log in to the Hotmail account, which I never use, I lose my passport, and have to go through easy but still frustrating retrival system at hotmail.

The guys who designed this system are probably competing with Clippy team on who builds the most annoying product.

LOL

[Anonymous+Crowhead]

I read that as 'requires' instead of 'retires' and gleefully clicked on read more to see the frothing at the mouth that I assumed every single post would contain. What a disappointment.

A Directory Page revision for MS...

[BrynM]

.NET Passport - Directory of Site(s)

The .NET Passport service offers streamlined sign-in at a wide range of Web sites and services that are soley owned by Microsoft.

We have discontinued our Site Directory because nobody really trusts us and few people really care, but you'll know when you can use your Passport to make sign-in easier and the marketing data more easily collected. Just look for the .NET Passport Sign In button! We have one at least. You can use the Passport account you created to get us to stop bothering you about it after your Windows or Microsoft Office install process. One day, the powerful Passport login will give you exclusive access to Security Patches, Updates and Service Packs. Why not get used to it now?

Re:Yahoo's going strong

[prostoalex]

Well, MS has single sign-in within their MSN zoo, but the idea was outside licensing to sites like eBay. I am not aware of any Yahoo! implementations on the sites outside of its own.

It never was.

[Fortran+IV]

Microsoft's Passport sign-on was never a single-entry system, even within Microsoft's sites. Not long ago they started requiring a Passport account to post to the MS support newsgroups, so I reactivated an old Hotmail account. Surprise! Logging on to Passport thru their newsgroups did not get me into Hotmail; I had to enter the Passport account and password individually for each system, whether I entered them sequentially or simultaneously thru two browser windows.

As usual, Microsoft paid as little attention to their proposed standard systems as the rest of the industry. (Remember, Windows Notepad didn't get the Ctrl-O and Ctrl-S shortcuts until Windows 2000, even though other MS programs had them in Windows 3.x.)

Bad idea, implementation irrelevant.

[Tackhead]

> The idea is not that bad - instead of thousands of sites and message boards requiring registration, login and confirmation of the e-mail, have just one single entity provide and verify the virtual avatar.

Bad idea, implementation irrelevant.

Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virutal avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.

> Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.

...thereby saving themselves $10K, thereby limiting the damage from compromise to Just One Site, and thereby offering better security to the end user by accident.

I've lucky in that got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.

But even if I didnt... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.

Just goes to show...

[SteeldrivingJon]

Microsoft can trot out a list of companies participating in their latest 'innovation', but no matter how many companies sign up at the start, it really says nothing about the eventual likely success or failure of the system.

Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.

Hubris, thy name is Microsoft

[doodleboy]

Somehow Microsoft failed to consider that

1) with their record of bad faith toward their own customers and their ongoing security lapses, most knowledgeable end users would not trust Microsoft to manage their personal information, and

2) with their record of bad faith toward their own business partners and their ongoing security lapses, online retailers wouldn't relish the extra burden of sending a monthly tithe to Microsoft.

Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you. They know as well as anyone that the commoditization of operating systems and productivity software is underway and they won't be able to maintain their margins forever. If they don't find a cash cow soon they'll be forced to (horrors!) make less money.

Some don't want a hotmail-account

I think some people are scared away because they believe that you need a hotmail-account to have a Passport. Not everybody want yet another useless, spam-filled webmail address.
The fact is that you can use your regular email with Passport, but I think alot of people believe these two services to be the same.

Maybe MS just need to relaunch the service. When it was created, Joe Average didn't have a gazillion different passwords. Things have changed since then.

One account for EVERYTHING... no thanks!

[turrican]

The thought of a single web-based logon for access to so many different entities kinda scares me... Especially once it spans across companies.

It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.

One compromise, multiple 0wnz

I hope not, I so liked the idea of having one login that if compromised would allow access to multiple sites for multiple micheiveous activities. This is why I used my .NET passport like I use the air I breathe, all the time.

Please say it ain't so! How else can I be throroughly humiliated with just one account being cracked?

Re:nope

[Broadcatch]

Windows Longhorn will have an identity system in it, currently code-named InfoCard. But from what I hear, they are actually looking for open standards on which to base their identity infrastructure, and this would make a *lot* of sense. If they promoted a system that was 100% decentralized (as opposed to the 100% centralized Passport), free and open source, and integrated it sweetly into their OS, they would have an identity system that would be peerless and increase their market share (or at the least, not drive people away so fast).

The only system I know of that fits the bill is the nascent Identity Commons system that is just starting to come online. (Disclaimer: I am 2idi's CTO)