16 July 2018
Register today

Banks should curtail their use of Passport - Gartner

19 May 2003  |  4914 views  |  0 Banks should curtail their use of Passport - Gartner

Financial institutions are being advised to restrict their use of Microsoft's Passport for at least six months following the recent discovery of serious security flaws in the online digital identity system.

The recommendation comes from Gartner analysts John Pescatore and Avivah Litan, and follows the discovery earlier this month of a gaping hole in Passport that allowed unauthorised users to usurp Passport identities. Microsoft indicates it has resolved the problem and does not know of any of the 200 million Passport accounts that were breached.

The analysts says that Microsoft failed to thoroughly test Passport's security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date.

Passport accounts are routinely used for the authentication of users accessing e-mail and e-commerce transactions. Citigroup, for instance, has Passport-enabled some of its online accounts in an effort to streamline customer access to the bank's Internet products through a combination of Citigroup passwords and Passport identities.

Gartner recommends that financial institutions, credit card issuers, retailers and other enterprises that use Passport for any meaningful business purpose immediately: break all Passport connections until at least November 2003, until Microsoft can prove that its security is adequate; or invest in an additional, more secure form of authentication for all issued Passport identities.

Institution's should also contact all customers who use Passport and make them aware of Microsoft's patch.

This discovery deals a major blow to Microsoft and the rival Liberty Alliance, says Gartner, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type.

Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty.

"The serious vulnerability in Passport will likely further delay any meaningful demand for such services until at least 4Q04," say the analysts. "Microsoft can reduce this impact and regain market confidence by submitting Passport's code to a full open-source review."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit info.nice.comVisit www.aciworldwide.comVisit https://secure.vasco.com

Who is commenting?

A Finextra member Finextra Member Commented on: Mastercard enlists Wor...
Suresh K Suresh K Commented on: I am the password
A Finextra member Finextra Member Commented on: Mastercard enlists Wor...

Top topics

Most viewed Most shared
Handelsbanken trials micro contactless cardsHandelsbanken trials micro contactless car...
9817 views comments | 18 tweets | 30 linkedin
Championing financial inclusion and helping the UnstoppablesChampioning financial inclusion and helpin...
8362 views comments | 3 tweets | 1 linkedin
PayPal ready to spend $3bn a year on acquisitionsPayPal ready to spend $3bn a year on acqui...
8246 views comments | 13 tweets | 17 linkedin
Anything Visa can do...Mastercard takes time outAnything Visa can do...Mastercard takes ti...
7811 views comments | 6 tweets | 14 linkedin
Faster Payments outage delays thousands of transactionsFaster Payments outage delays thousands of...
7160 views comments | 8 tweets | 19 linkedin

Featured job

Competitive base, double ote, benefits
New York City, NY USA

Find your next job