18 October 2017

Banks should curtail their use of Passport - Gartner

19 May 2003  |  4839 views  |  0 Banks should curtail their use of Passport - Gartner

Financial institutions are being advised to restrict their use of Microsoft's Passport for at least six months following the recent discovery of serious security flaws in the online digital identity system.

The recommendation comes from Gartner analysts John Pescatore and Avivah Litan, and follows the discovery earlier this month of a gaping hole in Passport that allowed unauthorised users to usurp Passport identities. Microsoft indicates it has resolved the problem and does not know of any of the 200 million Passport accounts that were breached.

The analysts says that Microsoft failed to thoroughly test Passport's security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date.

Passport accounts are routinely used for the authentication of users accessing e-mail and e-commerce transactions. Citigroup, for instance, has Passport-enabled some of its online accounts in an effort to streamline customer access to the bank's Internet products through a combination of Citigroup passwords and Passport identities.

Gartner recommends that financial institutions, credit card issuers, retailers and other enterprises that use Passport for any meaningful business purpose immediately: break all Passport connections until at least November 2003, until Microsoft can prove that its security is adequate; or invest in an additional, more secure form of authentication for all issued Passport identities.

Institution's should also contact all customers who use Passport and make them aware of Microsoft's patch.

This discovery deals a major blow to Microsoft and the rival Liberty Alliance, says Gartner, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type.

Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty.

"The serious vulnerability in Passport will likely further delay any meaningful demand for such services until at least 4Q04," say the analysts. "Microsoft can reduce this impact and regain market confidence by submitting Passport's code to a full open-source review."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.innotribe.com visit www.vasco.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
15311 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8494 views comments | 16 tweets | 22 linkedin
hands typing furiouslyHow artificial intelligence can deliver a...
8006 views 0 | 7 tweets | 9 linkedin
satelliteGates Foundation backs Ripple collaboratio...
7536 views comments | 13 tweets | 9 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
6637 views comments | 8 tweets | 16 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job