Microsoft plays a major role in the computing domain and is considered one of the leaders in terms of solutions and software development. It started in the early days with operating systems, then a couple of other simple disconnected systems, and now Microsoft is considered the number one software company in the world. Microsoft has released many systems in the last decade, and they touch different areas (email, collaboration, data storage, social networks, gaming, entertainment, etc.).
Security is also among the top priorities of Microsoft products, as they are considered the favourite target of hackers and have suffered from viruses and all kinds of attacks since their appearance. One of the important concerns related to security and the diversity of systems and devices is password handling (using and changing passwords). Microsoft has developed a couple of protocols and techniques for using passwords (authentication) and changing them. One of the greatest advances in the field of authentication is the single sign-on protocol, which allows users to authenticate only once and then get access to all systems that implement and comply with this protocol (RTRS, 2006).
Single Sign-On refers to the ability to log in to one application or server and be authenticated on other applications or servers without having to log in again (Rutenbeck, 2006). This can be more convenient for users, as they do not need to re-enter their passwords for each system, and it can also (under certain circumstances) be more secure. Depending on the angle from which we look at the second part (not having to re-enter the password each time), we might disagree on whether it is a positive or negative aspect of Single Sign-On. For end users, it is easier and simpler to authenticate only once. The downside, which could be very attractive and motivating for hackers, is that when a password is stolen, they have access to all systems implementing SSO, whereas in the past they had to crack a different password for each system. Microsoft .NET Passport is one of the applications of the SSO protocol, and it has raised a lot of confusion and discussion about the strength of this method.
To use .NET Passport, a user must create a Passport account. A central database stores the user's account information, as well as the registration, sign-in and sign-out pages that participating Passport sites can co-brand. This lets users move easily between participating sites without needing to remember a specific set of credentials for each site. Several security levels protect the stored Passport information. Sites become Passport participants by implementing the .NET Passport SSI service (Rolf, 2003).
As with all other techniques, no solution is absolutely perfect, and I personally would prefer retyping my password again and again rather than being lazy and exposed to more risks.
– Ready to Run Software (2013). Microsoft .Net Passport and Single-Sign On (SSO) Authentication. Available at: http://www.rtr.com/Ready-to-Run_Software/NET_passport.htm
– Jeff Rutenbeck (2006). Tech Terms: What Every Telecommunications and Digital Media Professional Should Know. ISBN: 1136034501
– Rolf Oppliger (2003). Microsoft .NET Passport: A Security Analysis. IEEE Computer Society. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1212687