Microsoft’s Passport

Making travel reservations and purchases online has become common practice. Many of us will order books at Amazon.Com or send flowers. Jupiter Research conducted a survey in March of 2003. In it, they found out that 55% of households were comfortable making credit card purchases online.

This sense of security was dealt a serious blow recently. Microsoft’s Passport was found to have serious security flaws. Microsoft is accused of not thoroughly testing their code before releasing the product. The problem, which was fixed in early May, would have allowed an attacker to change the account password and have information re-directed to the email account of their choosing.

Microsoft’s Passport system stores personal and credit card information. It is a free service. Ecommerce websites partner with Microsoft and accept Passports identity authentication. Since the Passport stores credit card, billing, shipping and other personal information, the web user would not have to enter all of the information that is currently necessary to transact business online.

The Passport was accepted early on. Microsoft tied the Passport’s use into the use of other Microsoft products such as Hotmail and Microsoft Messenger, requiring these users to also adopt Passport.

The FTC reached a settlement with Microsoft this Spring, requiring 20 years of third party authentication system audits. The audits will be performed every 2 years. The FTC ruled that Microsoft misstated its security level.

Microsoft’s internet strategy has been to carve out a healthy section of the ecommerce sector. The Passport is Microsoft’s choice of entry vehicle, and crucial to their future web strategy. The more customers Microsoft can get to sign on to the Passport, the more companies it can sell its services to, and more advertising revenue it can generate.

Internet News stated that Banks get the highest vote in consumer confidence when running an “e-wallet” service (47%), with Microsoft at 12%.