18 January 2018
visit http://response.ncr.com

Banks should curtail their use of Passport - Gartner

19 May 2003  |  4867 views  |  0 Banks should curtail their use of Passport - Gartner

Financial institutions are being advised to restrict their use of Microsoft's Passport for at least six months following the recent discovery of serious security flaws in the online digital identity system.

The recommendation comes from Gartner analysts John Pescatore and Avivah Litan, and follows the discovery earlier this month of a gaping hole in Passport that allowed unauthorised users to usurp Passport identities. Microsoft indicates it has resolved the problem and does not know of any of the 200 million Passport accounts that were breached.

The analysts says that Microsoft failed to thoroughly test Passport's security architecture, and this flaw — uncovered more than six months after Microsoft added the vulnerable feature to the system — raises serious doubts about the reliability of every Passport identity issued to date.

Passport accounts are routinely used for the authentication of users accessing e-mail and e-commerce transactions. Citigroup, for instance, has Passport-enabled some of its online accounts in an effort to streamline customer access to the bank's Internet products through a combination of Citigroup passwords and Passport identities.

Gartner recommends that financial institutions, credit card issuers, retailers and other enterprises that use Passport for any meaningful business purpose immediately: break all Passport connections until at least November 2003, until Microsoft can prove that its security is adequate; or invest in an additional, more secure form of authentication for all issued Passport identities.

Institution's should also contact all customers who use Passport and make them aware of Microsoft's patch.

This discovery deals a major blow to Microsoft and the rival Liberty Alliance, says Gartner, which have not yet succeeded in getting the consumer e-commerce market to accept identity services of this type.

Gartner surveys have shown that consumers and enterprises have already seen more risk than value in Passport and Liberty.

"The serious vulnerability in Passport will likely further delay any meaningful demand for such services until at least 4Q04," say the analysts. "Microsoft can reduce this impact and regain market confidence by submitting Passport's code to a full open-source review."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.fivedegrees.nlvisit www.vasco.comvisit www.capgemini.com

Top topics

Most viewed Most shared
Europe begins Open Banking era in subdued styleEurope begins Open Banking era in subdued...
10477 views comments | 32 tweets | 36 linkedin
Crypto mining threatened by power capacity concernsCrypto mining threatened by power capacity...
10047 views comments | 17 tweets | 18 linkedin
Exchanges call for global fintech standardsExchanges call for global fintech standard...
9735 views comments | 17 tweets | 14 linkedin
Wells Fargo to close 900 branchesWells Fargo to close 900 branches
9631 views comments | 14 tweets | 16 linkedin
KFC introduces Bitcoin BucketKFC introduces Bitcoin Bucket
9189 views comments | 17 tweets | 16 linkedin

Featured job

Competitive base + commission (double OTE)
London, UK

Find your next job