EU Privacy Authorities Seek Changes in Microsoft 'Passport'

bear bear at sonic.net
Mon Jan 27 12:57:43 EST 2003



The widespread acceptance of something as obviously a bad idea as
Passport really bothers me.  I could see a "password manager" program
to automate the process of password invalidation where you discovered
a compromise; but the idea of putting everything you do online on the
same password or credential is just...  stupid beyond belief.

Why are single-sign-on systems even legal to sell without warnings?
Why don't Msoft and the other members of the "Liberty Alliance" have
to put a big warning label on them that says "USE OF THIS PRODUCT WILL
DEGRADE YOUR SECURITY"?  Because that's what we're looking at here;
drastically reduced security for very marginally enhanced convenience.

But what really gets me about this is that it's totally obvious that
that's what we're looking at, and people are buying this system
anyway.  That's hard to swallow, because even consumers ought not to
be that stupid.  But it's even worse than that, because people who
ought to know better (and people who *DO* know better, their own
ethics and customers' best interests be damned) are even *DEVELOPING*
for this system.  It just doesn't make any damn sense.

			Bear



---------------------------------------------------------------------
The Cryptography Mailing List