1 Jun 2001 cpw   » (Apprentice)

Passport is Microsoft's bid to operate the master password database for every Web site and service. They've got a shot at grabbing a large number of subscribing sites because the current Web authentication solution involves thousands of different password databases to administer and support, and thousands of passwords for a user to remember.

I don't think they can do it right.

  • Those Terms of Service are an abomination
  • Insufficient paranoia is endemic within MS product groups
  • The protocols are closed, resulting in vendor lock-in
  • The protocols are closed, resulting in insufficient peer review of what is potentially the most used crypto since DES.

AOL are their only credible current threat. They have a slightly better security record, but the other problems are much the same.

I don't want to trust either of them. We cannot allow Microsoft or AOL to dominate Web-wide authentication.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!