Feeds

Drop MS Passport, advises Gartner

Wants 6-month freeze for bug-ridden sign-on system

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

The Gartner Group has advised customers to avoid Microsoft's Passport authentication system for at least six months. If businesses continue to use Passport, they should bolster their defences with "an additional, more secure form of identification for all issued Passport identities," says Gartner.

The advisory note was issued on May 15, and follows the revelation of a trivial backdoor in Passport. Earlier this month, a security researcher discovered that he could access 200 million accounts at will by inserting the string "emailpwdreset" into a URL.

But perhaps Gartner was stung more by Microsoft's complacent reaction to the backdoor, than by the technical incompetence itself.

""You live and learn. We will obviously take a hard look to make sure that if something is sent through the nonstandard channels, and it is real, we are all over it," is how Microsoft's Adam Sohn reacted to the news.

Microsoft faces a potential $2 trillion fine from the United States' Federal Trade Commission for the breach.

Gartner warns that the loss of confidence in authentication systems will affect rivals, too - a fair conclusion, we reckon. Although the major retailers are pushing hard for authentication systems, the public remains rightfully skeptical of systems that harvest our personal data and offer little in return. ®

Related Story

$2 trillion fine for Microsoft security snafu?

Secure remote control for conventional and virtual desktops

More from The Register

next story
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Apple's OS X Yosemite slurps UNSAVED docs into iCloud
Docs, email contacts... shhhlooop, up it goes
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.