18 August 2017
Find out more

Banks should curtail their use of Passport - Gartner

19 May 2003  |  4805 views  |  0 Banks should curtail their use of Passport - Gartner

Financial institutions are being advised to restrict their use of Microsoft's Passport for at least six months following the recent discovery of serious security flaws in the online digital identity system.

The recommendation comes from Gartner analysts John Pescatore and Avivah Litan, and follows the discovery earlier this month of a gaping hole in Passport that allowed unauthorised users to usurp Passport identities. Microsoft indicates it has resolved the problem and does not know of any of the 200 million Passport accounts that were breached.

The analysts says that Microsoft failed to thoroughly test Passport's security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date.

Passport accounts are routinely used for the authentication of users accessing e-mail and e-commerce transactions. Citigroup, for instance, has Passport-enabled some of its online accounts in an effort to streamline customer access to the bank's Internet products through a combination of Citigroup passwords and Passport identities.

Gartner recommends that financial institutions, credit card issuers, retailers and other enterprises that use Passport for any meaningful business purpose immediately: break all Passport connections until at least November 2003, until Microsoft can prove that its security is adequate; or invest in an additional, more secure form of authentication for all issued Passport identities.

Institution's should also contact all customers who use Passport and make them aware of Microsoft's patch.

This discovery deals a major blow to Microsoft and the rival Liberty Alliance, says Gartner, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type.

Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty.

"The serious vulnerability in Passport will likely further delay any meaningful demand for such services until at least 4Q04," say the analysts. "Microsoft can reduce this impact and regain market confidence by submitting Passport's code to a full open-source review."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.dorsum.euvisit www.worldpaymentsreport.comvisit www.niceactimize.com

Top topics

Most viewed Most shared
Monzo appoints Curve co-founder Foster-Carter COOMonzo appoints Curve co-founder Foster-Car...
8653 views comments | 1 tweets | 3 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
7041 views comments | 18 tweets | 22 linkedin
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
6603 views comments | 20 tweets | 22 linkedin
hands typing furiouslyWhy Blockchain Might Not Be The Future For...
5829 views 1 | 5 tweets | 3 linkedin

Featured job

London, UK (or flexible)

Find your next job