MS has released a new concept called Passport and Wallet, a protocol for easier shopping on the internet. Works like this: You log onto an MS server and provide all your personal details, name, address, credit-card number, how you like items to be sent to you, shoe-size(!) etc. You recieve a login-name (which is your mail-address) and a password. Now you can go shopping. On commercial sites using Passport, you only need to provide your username and password, click ok, and that's all. Quite simpler than other shopping on the net.
But is this secure? Two engineers at AT&T did some research on Passport 1 year, ago and conlcuded it wasnt't at all safe. The use of SSL "assume
too much about user awareness", they say, and they also found several other flaws. MS claims to have fixed those in the latest release.
Undoubtly, MS has a user friendly product, and a the concept is something I think really is a solution for the future. (But is the technology ready?). Shopping on the net is too compilcated, and has to become as easy as shopping in a real store.
Not many users trust MS and the Passport/Wallet system. Even though the concept is closely linked with hotmail, less than 1% of hotmail users want to use Passport/Wallet. This might be a result of MS' bad reputation when it comes to security issues. Or it may be because people don't trust the internet to take care of theire private information.
What's in it for hackers that can steal all this information? They get a lot of personal details, not too interresting. And they get a lot of credit cards, now that's something!! I think if a Pssport/Wallet system provided all nessecary information, except for the credit card number, more users would like to join such a service. But I haven't done any research one it.
What do you guys think?