Gartner: Drop Microsoft Passport

In what can only be called yet another bid for attention, market research group Gartner is advising businesses using Microsoft's Passport authentication service to stop implementing the technology.

Paul Thurrott

May 18, 2003

2 Min Read
ITPro Today logo

Market research group Gartner is advising businesses that use the Microsoft Passport authentication service to stop implementing the technology. This advisory is the second from the company in recent months to suggest people drop a Microsoft product; last year, Gartner advised companies to stop using the Microsoft IIS Web server. As with the IIS incident, a security vulnerability is the catalyst for the new advisory, and now, as then, Gartner is out of line.

Passport, you might recall, is a Microsoft service that lets users create one logon for Web sites, Instant Messaging (IM), e-commerce, and other online activities. The company is converting Passport to a Web services model and will soon release a federated trust server that will help Windows-based enterprises link internal user authentication to Passport accounts on the Internet. Microsoft claims hundreds of millions of Passport users, but most of those users are really Hotmail accounts (Hotmail requires a Passport account).

Last week, Microsoft fixed a major Passport vulnerability that could have let attackers usurp control of user accounts. And this vulnerability is the reason for Gartner's recommendation that companies--specifically financial institutions, credit companies, e-commerce sites, and anyone else using Passport for "meaningful business purposes"--immediately drop Passport and wait for the November release of a Passport update, which will feature more secure authentication technologies. The parallels to Gartner's IIS advice are staggering: Gartner advised companies to immediately drop IIS until Microsoft released a more secure version (Internet Information Services--IIS--6.0, part of Windows Server 2003). In both instances, Gartner offers absolutely no usable advice about what companies can do in the meantime. In other words, Gartner identifies a problem but doesn't offer a real solution.

"We think that the recommendations Gartner makes are not constructive for customers," a Microsoft spokesperson said. "While we know that we can always do better, we believe we have a solid set of processes and procedures in place to run Passport as a trusted service."

Read more about:


About the Author(s)

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like