Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Loses Passport

Posted by michael on from the apply-at-consulate-for-new-one dept.

nikkoslack copies and pastes: "Microsoft is abandoning one of its most controversial attempts to dominate the Internet after rival companies banded together to oppose it and consumers failed to embrace it. The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."

26 of 271 comments (clear)

  1. no trust... no passport by AlexTheBeast · · Score: 4, Insightful

    Nobody believes that Microsoft focuses on security. Nobody.

    That is the reason that the passport system failed. The general computer using public is not
    really tech-knowledgable... however, they do know that credit card numbers are to be protected.

    (Of course, they don't realize that all of this spyware s!ht they have installed could
    grab their numbers just as easily.)

    Hopefully, Microsoft will turn off
    that damn reminder balloon now.

    1. Re:no trust... no passport by turnstyle · · Score: 5, Insightful
      "Nobody believes that Microsoft focuses on security. Nobody. That is the reason that the passport system failed. The general computer using public is not really tech-knowledgable."

      Your logic kind of cancels itself out. You are correct that the bulk of the public isn't tech-knowledgable -- and so I'd say that it's safe to say that they didn't avoid Microsoft's Passport for security reasons.

      (after all, do they avoid Microsoft's OSes for security reasons?)

      Passport mostly failed because those masses didn't "get it" and didn't care to.

      --
      Here's what I do: Bitty Browser & Andromeda
    2. Re:no trust... no passport by krbvroc1 · · Score: 4, Interesting

      Nobody believes that Microsoft focuses on security. Nobody.

      I don't think it is just security - it is lack of trust on several levels.

      Personally,

      1) I do not trust Microsoft with my information

      2) I do not that Passport really added any value. From a privacy point of view, I could just as easily maintain multiple passwords on multiple sites with a password manager program - I use Roboform under both IE and Firefox.

      3) Companies did not want to hand over an important function of their business to a third party with little gain. Little value is added by letting a third party control this, yet it can provide huge leverage for MS in the future. I forget which year it was, but I recall Bill Gates saying that MS wanted to get a slice of every online transaction.

      4) I did not trust that the technology between the website and MS was safe. Some pages seemed to be unencrypted, etc. There did not seem to be any security guidelines required of sites that are Passport enableed - maybe there is, but it seemed lacking to me.

      5) I do not trust 'Privacy Policies' - companies can change them whenever they want and in certain instances (like TSA / Airlines) claim that the policies aren't binding, just PR. For me the best Privacy Policy is to not give out the data to the middleman in the first place.

    3. Re:no trust... no passport by Foofoobar · · Score: 4, Insightful

      Actually there are multiple reasons why the public didn't get it and it boils down to the public and the industry avoiding it because of the following:

      1. monopoly - nobody wants to give all their id's to one company to control

      2. lack of understanding - why do I need one company to have my login and password to use on all these sites when I, Joe Average, already use the same login and password on all these sites?

      3. security - Seriously, would you trust them with your login, pass, personal info and credit card information when they have had such a flawless run on security?

      Because of one of those three things (or a combination thereof), it failed. These are (oddly enough) the same stumbling blocks that continue to stump them with all product releases. In some ways, it would have been in Microsoft's best interest's to split the company either via the courts or themselves; in that sense, the baggage of the company would not follow every product. By splitting the company, the could effectively put a new face behind each branch and each child company would have a chance to remarket themselves and their products.

      On a negative, this would make it so that they would then have to compete more fairly in an open market and thus would cost them a share. It's give and take and right now no matter how you cut it microsoft loses.

      --
      This is my sig. There are many like it but this one is mine.
  2. Passport's failure by turnstyle · · Score: 5, Insightful

    I think "rival companies banded together to oppose it" was far less relevant than "consumers failed to embrace it"

    --
    Here's what I do: Bitty Browser & Andromeda
  3. It's often implemented without https by HawkinsD · · Score: 5, Informative

    Thank God.

    I realize that it's probably the fault of the implementer, and not the technology, but I can't tell you how many times I've supplied my password to a page that was rendered without https.

    So I had to get two Passport accounts: one for secure things, like my MSDN account, and one for things that I didn't care who stole my password for.

    --
    Never attribute to malice that which can be explained by mere idiocy.
    1. Re:It's often implemented without https by Dr.+Evil · · Score: 5, Informative

      Often the page is sent in the clear, but the submit action is an https link.

      Not that I think that such behaviour is good practice... just that it might very well have been encrypted.

  4. A few years down the line ... by Anonymous Coward · · Score: 5, Insightful

    /tinfoil hat on

    Microsoft will embrace the Libery Alliance's Passport service. Windows users will embrace it too because it will be ported into the kernel.

    Few years later, Microsoft will modify the protocol to extend it, adding their own proprietary features. Windows users have no choice but to embrace it.

    Microsoft will then lock out competitors from using their new version of Passport. They might even patent parts of it. In the end they will end up dominating the Passport buisness anyways.

    /tinfoil hat off

    1. Re:A few years down the line ... by savagedome · · Score: 5, Funny

      I agree. However I have one question. Why did you take the tinfoil hat off?

      --


      Free XBox, PS2
    2. Re:A few years down the line ... by finkployd · · Score: 4, Informative

      You don't really know much about liberty alliance do you? It is a federated identity management service, using OASIS's SAML to assert authentication status and attributes, not like passport's "store everything in one place" service.

      It is also licensed such that MS cannot modify or extend it in a way that is interoperable with the spec (which would make it useless anyway).

      Finkployd

  5. Wrong persuasion method... by Seabass55 · · Score: 4, Funny

    "would stop trying to persuade Web sites"

    Perhaps if they did this mafia style with a hammer and some other blunt objects they would have better sucess

  6. Not Totally Abandoned by p0 · · Score: 5, Informative

    Microsoft will still use Passport for MSN services like Hotmail.

    --
    This is my sig. There are thousands more, but this one is mine.
  7. Ebay by ViolentGreen · · Score: 4, Interesting

    Perhaps Ebay's decision to drop it was the final straw.

    --
    Not everything is analogous to cars. Car analogies rarely work.
  8. Cannot trust Microsoft by totallygeek · · Score: 4, Interesting
    Nobody believes that Microsoft focuses on security. Nobody.


    They do, and they market that very well. I recently saw an eighteen-wheeler pull through major cities showcasing Microsoft security products. Every business owner I spoke with that has had considerable expenses due to Microsoft's insecurities was amazed at their products. What I find most interesting is when a peer of mine went to a Microsoft propaganda seminar, they suggested the purchase of a Linksys router/firewall to place before their high-dollar security system. When asked what OS this equipment used, the speaker proudly mentioned Linux.


    The problem is age-old though. Viruses and Trojans would seemingly not exist without Microsoft. Certainly, there would not be a need for anti-virus products because the numbers would be manageable enough via infrequent patching. Therefore, Microsoft is the problem.

    --
    Click here or here.
  9. what about liberty alliance? by munehiro · · Score: 5, Interesting

    Just some questions. Is the liberty alliance project still alive? does it provide a decentralized authentication proxy and will it be deployed concretely in some future?

    There were a lot of rumors about this "passport killer" but now it seems to be faded into silence.

    --
    -- "If A equals success, then the formula is A=X+Y+Z. X is work. Y is play. Z is keep your mouth shut." - Einstein
  10. Not surprising by __aafkqj3628 · · Score: 5, Interesting

    They shot themselves in the foot a long time ago with extremely high licensing costs and requirements as well as complicated implementation requirements (not to mention the tiny client portfolio or constant security problems).

    Besides, there's no push for businesses to either adopt single-sign-on services, or for customers to want it.
    Businesses require flexibility when it comes to user authorisation and profiles that 3rd-party services cannot offer.
    Most people either use the same user-name and password combination for all of their services, and there aren't many browsers that won't auto-complete u/p forms.

    At least with this announcement, Microsoft might be able to push some of it's resources from trying to push this serviced to 3rd parties to fixing the services internally (ever tried to log-out?)

  11. MS Shot Self in Foot by phaln · · Score: 5, Insightful

    When Microsoft continued to leave "security" off its list of "necessary items" to follow up on for years, they pretty much shot any hopes of controlling a unified authentication system out the door.

    Nobody takes them seriously as far as security goes. Just reading the headlines for a day would make that abundantly clear.

    Perhaps a competitor will come out with a clean record and a compelling product, but in this area it isn't going to be Microsoft, if anyone.

    --
    SNACKS ARE AWESOME
  12. A better system would be... by ThinkTiM · · Score: 4, Insightful

    a public/private key scheme where public registrars keep your key. You keep your list of credit cards and identities on YOUR own devices. You then send encrypted information containing your credit card or identity in an industry standard packet of encyrpted information along with a link to the registrar.

  13. Lost the battle, but war is not over by nurb432 · · Score: 4, Insightful

    They will be back. They have the time and the funds to punt on this..

    But they are not done...Total domination takes time.. They learned that lesson with java and the web in general...

    --
    ---- Booth was a patriot ----
  14. Noble cause by confusion · · Score: 4, Insightful
    The idea behind passport, at least partly, was a good idea in making the internet a little more consistant and easier to use for the herds of everyday people. The big problem is that when a company like MS forges a solution, its going to have strings attached and a financial motivation to pressure companies to do things they don't want to do.

    I still think the idea is valid, but the implementation and execution, in true MS form, left a lot to be desired.

  15. Passport was a bad name by DoctorHibbert · · Score: 5, Interesting

    My wife was buying airline tickets on Expedia when it asked her to log in, the first log in choice was to use her Passport id. So she dutifully goes and retrieves her US passport. Yes, I laughed at her too, but still the confusion was understandable, she was buying airline tickets after all.

    Maybe if they would have called WebId or something more descriptive it might have caught on.

    --
    Arbitrary sig
  16. One login is easy for identity theft. by Yaa+101 · · Score: 4, Insightful

    Let me have my 1000's of different logins as you can't imagine what happens when your only identity online get's compromised.
    Imagine the work you need to pick up the pieces, this after all the work you need to make sure that the theft's impact remains small...

    People that buy in on a single net identity are not so smart it seems...

  17. Newsflash! by Foofoobar · · Score: 5, Funny

    Innovation isn't really innovation if no one wants it but you.

    --
    This is my sig. There are many like it but this one is mine.
  18. Misconceptions by RupW · · Score: 5, Informative
    The Redmond software company said Wednesday it would stop trying to persuade Web sites to use its Passport service, which stores consumers' credit-card and other information as Internet users surf from place to place."

    • Passport does not store your credit-card details any more. You had to opt in to passport's Wallet service to do this. Microsoft discontinued Wallet a long time ago.
    • You do not have to provide any personal details to Passport. If you do, you can refuse Passport permission to pass them on to other sites. In this case, all the end sites get is your 64-bit user ID.
    • End sites cannot store information in your Passport account. The API is one way only. To alter the details in your Passport you have to go to passport.net
    • Passport is a trusted third-party for authentication. You don't log into any passport-enabled site directly; they redirect you to a secure page on passport.net (often with some source-site branding) and Passport redirects you back to them once you've logged in.
    • Passport absolutely DOES NOT "store your passwords". A few people said this in the eBay story's comments (!). Come on people, we're supposed to be tech-savvy here.

    I'm almost sorry to see it go - it was a usable, simple to integrate single-sign-on with a big name, money and a fair critical mass behind it. Shame the entry price was so high.
    1. Re:Misconceptions by s7uar7 · · Score: 4, Insightful

      Coupled with the cost, that 2nd point will be the reason there was such a low take-up by 3rd party sites. Companies use your registration details for far more than just letting you in to the site - giving demographics to advertisers for example. If they're going to allow logins from clients with no details, they may as well do away with the registration all together.

  19. Another take on why it failed... by Cloud+K · · Score: 4, Insightful

    People don't like being nagged, and when nagged many have a tendency to do the opposite.

    Myself, my father, my mother all had to go through the same thing. "Please create a passport" "OK, wtf is a passport and why do I want it?" *click* (lots of marketing mumbo jumbo that Joe Average has to make an effort to read (a big no-no). *click "later" or whatever*

    Next reboot "Please create a passport!!11one!" - at this point you start to get mildly irritated. "I told you last time - now if I find I have the need for a Passport I'll come get one! Go away!"

    Next reboot "Please create a passport OR ELSE!!!" - now you start to get pissed off. Stop nagging, I hate things that nag especially computers, go-the-heck-away. Now you make a conscious effort to *avoid* learning about Passport. This is where MS go wrong. What they should have done is made it so that you *want* to learn about Passport - not so that you hate it so much before you even know what it does that you never want to see it again.

    Next reboot - "Your desktop is untidy. Clean it up please" - at this point you either a) Bend over and do what it says, b) Go to a tech tip site and learn how to turn *off* all the stupid naggy things that try to tell you want to do, c) Format and install Linux or d) Put the Dell in the bin and buy a Mac.

    I seriously hope when Longhorn comes out they look at some of the simple Human-Computer Interaction guidelines like "don't try to make the computer (sorry I forgot the word... androsomething... where it acts like a human)" and "don't nag". Nagging = bad impression of product.