ComputerFAQ

Computer FAQ

for Aug 6, 2003

Hi, All;

This week: More about Passport and passwords, Part 2 Last week I talked about passwords on your hard drive and on web sites, computers. Back to Dave's letter and some more of his concerns:

Having ebay or others I deal with remember my name and password for just that account is OK too, can't really avoid it unless we want to be entering names and passwords all day. But it's only name/password for ONE business.

It is the same file for every user on that web site (a hacker's smorgasbord)!

This Microsoft Passport deal is very different. Using it means somewhere in Microsoft's hard drive banks Microsoft would be holding my name/password for every account I've put into it. Passport I think provides for us to use ONE name and password for all of the web accounts we visit. And that might be very convenient. But... that password being stored at Microsoft makes it certainly available to a whole lot of (how many???) employees at Microsoft, people who haven't passed any security check that they've told me about. And I think for that reason Passport is very dangerous.

I looked at the Passport.NET privacy statement and found that, like most privacy statements, it is full of good feeling words and promises. But it did elaborate on how they protect your information and pointed out that all your information is encrypted on both your own machine and on the Passport.NET servers. While I was in the computer business, one of the biggest changes that occurred was the encryption of users, passwords on the servers of businesses. At first, technicians could look up a forgotten password on behalf of a user, but the third version of the server software allowed only a change to a new word that would work only once to allow access to the system in order to change to a new password. There was no way for techs to view, change, or modify any password files. Like all corporations now, Microsoft does or has done background checks on their own and contracted people to weed out the obvious criminal types. Again, I stress the effort involved in cracking a 128- or 256-bit encrypted password file takes months or years, and people with criminal intent wanting to crack a password file don't have time to be working at Microsoft or anywhere else that is as time-demanding. And if you change your passwords on a regular basis, the file that has been stolen is no longer valid, as all the passwords have been changed.

Next Week: Does Passport make changing your passwords easier so you can change them often?

'Til next week, (ComputerFAQ#151)

Robert

Please send your questions to

Computerfaq@juno.com

By snail mail to:
ComputerFAQ
409 Silverbrook Road
Randle, WA 98377

Editor's Note: If the right side dark border
impinges on the text, just grab the bottom
right "sizing" corner of this window and
narrow it to about 6 1/2".

Index to Past ComputerFAQ Columns:

(under construction)

July 05, 2000 Introduction to ComputerFAQ
July 12, 2000 Computer Definitions
July 26, 2000 More Computer Definitions
August 02, 2000 Defining Bits, Bytes and Hex
August 09, 2000 Internet Service Providers (ISP)
August 16, 2000 Backup up your PC
August 23, 2000 Backup Devices.
August 30, 2000 What is the slowest PC for Internet Access
September 06, 2000 PC Nomenclature
September 13, 2000What to do with Mail Attachements.
September 20, 2000What Happens at boot up
October 04, 2000Desktop Areas
October 18, 2000Start Button
October 25, 2000Display Made Bigger
November 01, 2000 More Monitor Controls
November 15, 2000 Right Click Display Menu
November 22, 2000 More on Desktop Menus
November 29, 2000 More on Desktop Menus
December 06, 2000 Desktop Properties Menu - part 1
December 13, 2000 Desktop Properties Menu - part 2
December 20, 2000 Desktop Properties Menu - part 3