Drop MS Passport!
Date 24-May-2003 1:30:47
|The Gartner Group has advised customers to avoid Microsoft's Passport authentication system for at least six months. If businesses continue to use Passport, they should bolster their defences with "an additional, more secure form of identification for all issued Passport identities," says Gartner. |
The advisory note was issued on May 15, and follows the revelation of a trivial backdoor in Passport. Earlier this month, a security researcher discovered that he could access 200 million accounts at will by inserting the string "emailpwdreset" into a URL.
But perhaps Gartner was stung more by Microsoft's complacent reaction to the backdoor, than by the technical incompetence itself.
""You live and learn. We will obviously take a hard look to make sure that if something is sent through the nonstandard channels, and it is real, we are all over it," is how Microsoft's Adam Sohn reacted to the news.
Microsoft faces a potential $2 trillion fine from the United States' Federal Trade Commission for the breach.
Gartner warns that the loss of confidence in authentication systems will affect rivals, too - a fair conclusion, we reckon. Although the major retailers are pushing hard for authentication systems, the public remains rightfully skeptical of systems that harvest our personal data and offer little in return.