Slashdot Mirror
Microsoft Loses Passport
nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."
Nobody believes that Microsoft focuses on security. Nobody.
That is the reason that the passport system failed. The general computer using public is not
really tech-knowledgable... however, they do know that credit card numbers are to be protected.
(Of course, they don't realize that all of this spyware s!ht they have installed could
grab their numbers just as easily.)
Hopefully, Microsoft will turn off
that damn reminder balloon now.
I think "rival companies banded together to oppose it" was far less relevant than "consumers failed to embrace it"
Here's what I do: Bitty Browser & Andromeda
Thank God.
I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.
So I had to get two Passport accounts: one for secure things, like my MSDN account, and one for things that I didn't care who stole my password for.
Never attribute to malice that which can be explained by mere idiocy.
/tinfoil hat on
/tinfoil hat off
Microsoft will embrace the Libery Alliance's Passport service. Windows users will embrace it too because it will be ported into the kernel.
Few years later, Microsoft will modify the protocol to extend it, adding their own proprietary features. Windows users have no choice but to embrace it.
Microsoft will then lock out competitors from using their new version of Passport. They might even patent parts of it. In the end they will end up dominating the Passport buisness anyways.
"would stop trying to persuade Web sites"
Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess
Microsoft will still use Passport for MSN services like Hotmail.
This is my sig. There are thousands more, but this one is mine.
Perhaps Ebay's decision to drop it was the final straw.
Not everything is analogous to cars. Car analogies rarely work.
They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.
The problem is age-old though. Viruses and Trojans would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.
Click here or here.
...at the embassy to get a new one.
Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?
There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.
-- "If A equals success, then the formula is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut." - Einstein
They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).
Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.
At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)
When Microsoft continued to leave "security" off its list of "necessary items" to follow up on for years, they pretty much shot any hopes of controlling a unified authentication system out the door.
Nobody takes them seriously as far as security goes. Just reading the headlines for a day would make that abundantly clear.
Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.
SNACKS ARE AWESOME
a public/private key scheme where public registrars keep your key. You keep your list of credit cards and identities on YOUR own devices. You then send encrypted information containing your credit card or identity in an industry standard packet of encyrpted information along with a link to the registrar.
They will be back. They have the time and the funds to punt on this..
But they are not done...Total domination takes time.. They learned that lesson with java and the web in general...
---- Booth was a patriot ----
So really, whats next? If anything, the world would benefit from some simplification in identification. I'd feel more comfortable with one company or government knowing my details, then 20/30 companies and various different governments knowing my details. Mind you, Passport sucked. But thats no excuse to not try to do something better.
I still think the idea is valid, but the implementation and execution, in true MS form, left a lot to be desired.
I don't know much about the underlying technology, but I've been in a few systems that use kerberos, and it seems to do the job of authentication nicely without any yucky credit card/personal info messyness.
Could kerberos be implemented on the web somehow, or is it only good for intranets?
Get a sense of humor dear mod.
The post was meant to agree with other poster about how this has mostly to do with people not even embracing but not even touching this with a 10 foot pole rather than corporations not implementing it. They would do so in a heartbeat if it was something people wanted.
I hate the fact that you people don't salute me
Maybe MS Money 2005 won't force you to use passport. I'm still using MS Money 2001 for this reason.
Wow, it's looking bad for MS. Firefox, IE exploits, linux sneaking up on them, and their attempt to be big brother now fails too. I'll be sure to toss a rose on the casket when the giant dies off for sure, albeit a black rose.
"A man is but the product of his thoughts what he thinks, he becomes." -Mahatma Gandhi
My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.
Maybe if they would have called WebId or something more descriptive it might have caught on.
Arbitrary sig
Obviously you did an awful job at conveying that.
The real problem was the design and implementation. Is was designed for MS to take control of the internet which is what they are focused on. But in typical MS fashion, it has no real security and MS corp. does not know security.
Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.
Imagine the work you need to pick up the pieces, this after all the work you need to make sure that the theft's impact remains small...
People that buy in on a single net identity are not so smart it seems...
in Microsoft Monopoly Speak - MMS (TM), really means "will consider a pause in their relentless assault, using their normal ordinance of bullying tactics"
The normal ordinance includes: discounts on volume software, initiation of free services to smother the competitor, buy the competitor, make sure the competitors product 'breaks for no reason' on IE, guido the leg breaker, a legion of attorneys, concrete blocks, having clippy threaten to make them sleep with the phishes.
these are employed in no particular order
If the goal is security than why do they convince people to give away more and more of their personal information?
Security isn't based upon giving up your personal information to some company or government,
keep more of your personal information to yourself - that is real security.
Innovation isn't really innovation if no one wants it but you.
This is my sig. There are many like it but this one is mine.
I'm almost sorry to see it go - it was a usable, simple to integrate single-sign-on with a big name, money and a fair critical mass behind it. Shame the entry price was so high.
To quote Nelson Muntz from The Simpsons "HA-HA!"
Comment removed based on user account deletion
Homer:(to Gates) I reluctantly accept your proposal!
Gates: Well everyone always does. Buy 'em out, boys!
Bill Gates companions begin to trash the "office".
Homer: Hey, what the hell's going on!
Gates:Oh, I didn't get rich by writing a lot of checks!
Bill Gates lets out a maniacal laugh. Homer and Marge cower in the corner as the room continues to be trashed.
It would be cool if it didn't suck.
Sodas are still free.
Nobody believes that Microsoft focuses on security. Nobody.
if you believe that i have a bridge to sell you & yes, i accept all major credit cards.
"would stop trying to persuade Web sites"
Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess
You mean like they did when they threatened some of their largest customers with much higher licensing costs when they were considering deploying Netscape instead of Internet Exploder (as detailed in the anti-trust court records)?
The Future of Human Evolution: Autonomy
This is so great. I'd hate to see a internet-wide passport incompatible with anything but windows, buggy and very costy. Happy NY.
http://slashdot.su/
Now how am I going to live my life!! It was doomed to begin with...buggy softwares in the area of payments will never work.
The real action is in federation and the ability of identity management systems to share trusts. Sure, it would be convenient if we didn't have to worry about the dozens of passwords we require for web sites we visit, including Slashdot. But that's a mere inconvenience compared to the issues faced by large organizations attempting to communicate together at an application level of trust.
There are many instances where two or more organizations would like to allow individual humans ,software programs, and devices to communicate once they've been properly identified as 'authenticated' on each other's systems, but the costs of determining which of these entities have that appropriate authorization is too high for the recipient organizations. It's difficult enough to ensure that one's own people/programs have appropriate authorizations and privledges.
Sharing information on each of the potentially millions of instances requiring authentication becomes prohibitively complex and costly. Just managing a directory system that contained 1/4 million employees and a million other internal objects is a huge undertaking. Adding even a fraction of that number of directory objects from dozens of other entities is a burden unlikely to be acceptable.
Enter Federation. My organization trusts these individuals with the set of priviledges that our two organizations have agreed upon as apporpriate for our digital communications and my organization accepts the responsibility to maintain the integrity of our side of the connection. Our identity management system connects to yours and through the use of appropriate handshaking protocols (the federation part - over simplified, I know) demonstrates that trust exists and the communication can occur.
Now instead of maintaining a directory of millions of outside entities etc., we need only maintain a directory record for each approved communcations process.
These issues cross so many disciplines and technologies from e-mail and IM, to SOA and more, that federated trusts becomes necesary if the process is to work at all. Further discussion of this topic belongs, and probably already exists, in a another thread.
They are so shamed that they pull their Directory of sites using .NET Passport from http://www.passport.net/Directory/Default.asp
You know, I keep reading that no one trusted Passport because of Microsoft's history of security. I know that's one reason I didn't (my only Passport account hooks up with Hotmail and Xbox Live) but let me ask you this:
Would you go for a universal authentication system if it was run by Apple? How about if open source folks developed a system aside from Sun's and tried to market that? I wouldn't.
There's nothing inherently more secure about having my passwords stored on a single server out there than the current system, and, quite frankly, there's not much more convience in it.
The only "true" solution I could see for universal passwords is something akin to Keychain on Apple, or, to a lesser extent, saved passwords in Windows. Something that would store all passwords locally, encrypted, and would allow the user to use one login. Match that up with, say, a biometric recognition scheme, and I'd be all for it.
A lot of people focus on the issues of passport as trusting Microsoft issues. While we here might feel that way, the world at large either does trust Microsoft, or doesn't care / know any better. However, and I don't know if my experiences were common, every time I tried to use passport, it would fail to log me into the site claiming to support it! I would invariably get stuck in a forwarding loop and never get authenticated...every year or so I would get an opertunity to try the login again, every year I thought, "they probably got the kinks out by now" and every year, it didn't work.
SPAM
free sodas have not been cut. insurance benefits have not been cut. towel service on redmond campus was cut.
My team had its christmas party already. My old team also had its.
There isn't a "single MS christmas party", because that would be at least 40k people for redmond alone. Christmas parties have been team/division specific for a long time.
Where is the announcement that jobs are "moving to tsunami country" ? MS is doing additional hiring at multiple sites, US including (as in, multiple sites IN THE US).
My opinions are my own, and do not necessarily represent those of my employer.
Uh...shouldn't it be "Microsoft Looses Passport"? ;)
It was a poor design and like the Soviet Union once the central plan didn't comport with reality, it had to die on the ash heap of history. The idiot MSN Groups is what killed it for me. If you have multiple identities, multiple email addresses, and different ones are joined to different groups, you can't remember which identity is to which group. The idiot MSN implementation sends you emails from the group but doesn't show you the email address that the message is being sent to--your own email address. So you can't figure out which one to use to sign onto the Passport and of course since you use multiple identities you don't want it cookified on you. Then the necxt problem is that it won't let you even use it if your cookies are turned off. You'd think Microsoft would have figured with all their security problems that people will turn off cookies and ActiveX (they give you the function to do it in Explorer) but then their passport thing doesn't work. I hated it and would join Yahoo Grpoups instead of MSN Groups and they have their own problems but not this really quite rudimentary level of stupidity.
Damz0r n0w I do'nt h@v 0n3 box to sna7Ch @ll ma CCz frum.
More and more, all of MS's 'innovations' are tanking. Passport, Active Directory, Xbox, MSN 'google' search engine, IE, recently acquired AV software and the list goes on and on, not only were NOT innovative, they actually purchased the technology. See: [http://www.vcnet.com/bms/departments/catalog/cata log.shtml]
They then embraced and extend the technology they purchased.
Of course one of the worst purchases was PassPort.
ugh!!! Good riddance......
People don't like being nagged, and when nagged many have a tendency to do the opposite.
Myself, my father, my mother all had to go through the same thing. "Please create a passport" "OK, wtf is a passport and why do I want it?" *click* (lots of marketing mumbo jumbo that Joe Average has to make an effort to read (a big no-no). *click "later" or whatever*
Next reboot "Please create a passport!!11one!" - at this point you start to get mildly irritated. "I told you last time - now if I find I have the need for a Passport I'll come get one! Go away!"
Next reboot "Please create a passport OR ELSE!!!" - now you start to get pissed off. Stop nagging, I hate things that nag especially computers, go-the-heck-away. Now you make a conscious effort to *avoid* learning about Passport. This is where MS go wrong. What they should have done is made it so that you *want* to learn about Passport - not so that you hate it so much before you even know what it does that you never want to see it again.
Next reboot - "Your desktop is untidy. Clean it up please" - at this point you either a) Bend over and do what it says, b) Go to a tech tip site and learn how to turn *off* all the stupid naggy things that try to tell you want to do, c) Format and install Linux or d) Put the Dell in the bin and buy a Mac.
I seriously hope when Longhorn comes out they look at some of the simple Human-Computer Interaction guidelines like "don't try to make the computer (sorry I forgot the word... androsomething... where it acts like a human)" and "don't nag". Nagging = bad impression of product.
was a passport to failure.
>> Microsoft is abandoning one of its most controversial attempts to dominate the Internet...
While I don't that that Microsoft or any other business would dearly love to dominate the Internet, I never got the impression that Passport was anything more than a thinly veiled branding effort intende to drive traffic to sites that had done deals with MS. The whole thing was premised on the now-understood-to-be-wrong assumption that logging on to different sites was going to present an insurmountable hurdle for people. (It hasn't; everyone just uses the same damn ID and password for everything.)
Remember, the Internet is just a network. What counts is the content. If you wanna dominate the Internet. dominate its content.
-- Slashdot: When Public Access TV Says "No"
The world (and open source in particular) needs to be reminded that MS doesn't always win.
A protocol built into browsers that would allow the site to request passwords from your local cache automatically and securely. This should confirm the identity of the site. Passwords should never travel over the wire. Hashes should go over the wire strongly encrypted.
The benefits are:
a. You only enter your password once. After this _browser_ asks you if you want the site to log you in automatically.
b. This won't cost the web site using the service a dime to implement (if it's GPL/open source).
c. This will decentralize password storage.
d. This will force web sites to use encryption when doing authentication.
e. This will prevent spoofing.
f. This will probably be a lot more effective at killing Passport than posting on Slashdot.
So there you have it, crypto gurus. Now go write a server piece and a toolbar/firefox plugin for it.
That problem is that passport assumes that I only have one identity. I have multiple, legitimate identities when I operate on the web - Especially when I operate on Microsoft's own sites.
I work for a consulting firm which is a Microsoft partner. When I am using the web I may be using it as myself (individually); as an employee of the firm; or as a representative of one of our customers. If I need to register a support issue, download something from MSDN Downloads, or interact with Microsoft in any other way, I always have to be extra careful which passport I am currently using or logged into. If I am not careful I may incorrectly "charge" a download to the wrong party.
The passport interface tries to keep your login "sticky" and does not readily indicate who you are logged in as. It is inconvenient to switch identities and you are never alerted when you bring up a web page that your Passport was just transmitted.
If the Passport client would have popped up a dialog (or asked you in the interface) every time your identity was about to be sent something like "A web site is requesting your identity and information, which identity do you wish to send?", the whole thing would have been a lot more usable for me.
The Link on Cnet.
An excerpt: and I just remembered this made me laugh when it happened.
Ironically, Christmas Day marked 5 years since we bailed them out on the domain name registration fee. A couple of months ago I got a second check for $500 from them since I never cashed the first one (they sent a letter earlier this year saying "hey, we $500 that belongs to you"). I never thought it would get very far past Hotmail, looks like I was right...
Do you have ESP?
Yes, it would appear so.
Microsoft is abandoning one of its most controversial attempts to dominate the Internet
"Dominate the Internet?" Uh, can we please tone down the rabid bias in the submissions, please?
Is Gamespy trying to "dominate the Internet" by requiring you to log in to use any of its services? Give me a break! Microsoft was trying to remove the need for endless redundant passwords that we have to memorize for every website.
I think its great that passport failed because we all know microsoft would promote an insincere solution to the problem.
I think the concept of a universal password is good. I'll give you an example: I have a paper with over 30 passwords to numerous sites I use. I'm constantly updating it. I can't remember it all.
What is really needed is an open source solution with the entire industries backing. The solution should work on all platforms. There is a defenite need and it would be good for ecommerce in general.
Either industry cooperates for better consumer security or the government should push one.
"Microsoft Loses Passport"
This brings up the false hope that the entire company left the country and was unable to reenter the US.
"Can I get a Halle...um, hello?" *tap* *tap* *tap* "Is this thing on?" "I said, can I get a Hal...can I get...aw, screw it."
If you mod me down, I shall become less powerful than you could possibly imagine.
Take note: Microsoft lost one, and it was not a small one.
We tend to discount it now because it's been a couple of years, and Passport's decline has been long and slow, but we were all scared, once, of Passport and what it might mean for the web, with Microsoft's marketing might behind it, with managers' inflated opinion of MS and tendency to give them a pass to do whatever the hell they wanted with their computers.
There's a tendency to view Microsoft as an unstoppable juggernaut, and this opinion is somewhat self-fulfilling. We percieve them as unstoppable, so why bother trying to resist? They may have the occaisional Microsoft Bob, after all, but... look at Windows!
Microsoft loses more battles than you'd think, that's my only point.
This isn't the first time Microsoft has lost Passport.com, although I doubt that a Linux user will return it to them this time.
Easy:
1. Track markets.
2. Sell information about emerging markets.
3. Corner Markets.
4. Eliminate competitors before their market can grow, by tracking its growth (appli AI to mined data).
However, what do I know.. I don't work at Microsoft.. Besides, those who work at Microsoft don't work anywhere else, and that's why they work at Microsoft, so nobody else has them.. This is like DaBeers cementing over a beach full of diamonds (which is supposedly true).
Just say no to license servers!!
a) it's "morale" money
b) there is no logical mapping between "departments" and the various beverage refrigerators, so while your suggestion is possible, i find it highly unlikely. Not to mention that a number of people have plainly stated that if the drinks go, they're leaving. Those people still come to work in the morning.
c) i didn't mention my benefits being cut because they aren't. The stock purchase plan has been _modified_, and according to many peoples analysis, it is not as attractive as it used to be, although that is debateable. Vacation, healthcare, etc are all essentially unchanged from 4 years ago at least in how they affect me on a day to day and value basis. The biggest bneefits change that has been inconvenient deals with perscription drugs - that has been modified so that long term perscriptinos must be fulfilled via a specified mail order provider.
So basically, unless you have something factual instead of speculation or 2nd (or 3rd or 4th or whatever) hand info, STFU.
My opinions are my own, and do not necessarily represent those of my employer.
What was there to get? It's not up to consumers to "get" a tech concept, it's up to the developer to find a compelling reason for people to use theri technology. The entire concept of passport has no redeeming value for anybody except microsoft. I would have been more than happy to use a passport if it did SOMETHING for me.
People who think they know everything really piss off those of us that actually do.
as i wrote in my blog, i can't understand why this happens. it was a good deal! "you give us your personal data (like name, surname, address, credit card number, favourite color, name of your dog, and so on) and we store all this stuff on a MS SQL server". this is a good deal! so strange...