Comments on: Gates: End to passwords in sight

With Windows Vista, the Microsoft chairman feels he has the right weapons to supplant PC passwords.
Photos: Gates takes the stage at RSA
Image: A look at InfoCards

[n3td3v]

Honey, I killed the script kids

See: http://news.com.com/5208-12-0.html?forumID=1&threadID=13978&messageID=114207&start=-1&reply=true

[Macsaresafer]

Yada, yada, yada...

InfoCards? Don't you mean Keychain, Mr Gates? Why are you always
producing bad copies of other people's work?

I'll give him this though, the man has serious stones. Who else has
the nerve to make a defective product and then sell partial
solutions to the problems they've caused a la Windows Defender?

[rcrusoe]

Makes sense to me

It's never been very hard to get into a Windows computer without the password. Might as well get rid of them. :)

[n3td3v]

Right on!

Can't think of a better thing to say... since the RSA is the laughing stock of the industry right now if anything thats been published on Cnet is anything to go by.

[Retnuh1337]

Just another way

This is just another way that Gates can keep a grip on all of us and his company be the means.

[mgreere]

What?

If security is actually the issue, why not simply promote retinal,
fingerpriint, or skin pattern scans?

A card would unnecessarily duplicate information that service
providers already store... and put it in a nice, stealable format.

Exactly what does an infocard give the consumer?

[zaide]

Gates sees end tp passwords in sight

Another way of getting our security information.

[aabcdefghij987654321]

Microsoft's plan to eliminate passwords revealed!

When you use Microsoft products, trust personal data stored using Microsoft technologies, or even do business with a company that does; Why put a password on anything at all? It has been proven time and again for 10 years now, Microsoft products used on a network pale in comparison to other competitive products regarding security. Microsoft's secret to managing passwords is to drop the support for passwords entirely, why bother when that Microsoft product will be hacked in to eventually anyhow? Question the businesses you deal with, and let the ones you avoid know why in that you don't trust so much as your first name to be stored on a MS system. I changed banks because one was migrating to an insecure Microsoft based system. "We're a small bank...can't afford to build one from scratch...outsourced...they use IIS..." (IIS is MS's Insecure Information Server, FYI)

[jeromatron]

Mac OS X keychain, biometrics, etc.

So how is this any different than an OS wide password manager,
like the Keychain in Mac OS X?
There are comparable tools and utilities on linux.
I'm all for getting rid of password management and I love
Keychain.
I can see that it would be cool to have something more like
biometrics or a security card, which have been implemented in
various forms for at least 5-10 years anyway on PCs. When I
worked at Novell in 2001, there were ways to get into the
eDirectory using biometrics fairly simply, and thus into Windows
2000, via the Netware client.
I hope this gets traction, but to give the impression that
Microsoft is inventing it, well, that's just Microsoft. They
wouldn't know innovation if it came up and bit them in the face.

[R. U. Sirius]

Biometrics are not foolproof

>I can see that it would be cool to have
>something more like biometrics or a security
>card, which have been implemented in various
>forms for at least 5-10 years anyway on PCs.

In large wide scale deployments, biometrics are probably an extremely bad idea. Biometrics can be compromised. Example, if someone were to steal your fingerprints, you're forever compromised since you only have one set.

Biometrics are better designed for specialized situations in closed environments as opposed to the open environment of the Internet.

As for security cards, I personally would never use one that was issued by Microsoft. I might use one that was issued by my bank, and then only for bank related activities.

[Terry Gay]

Include This Smart Card for Hotmail-Please!

My Hotmail account is hacked every day. I hope Gates will include these smart cards for Hotmail logins. Users should declare which type of security entry they want to use: smart cards or passwords. After someone declares for a smart card, when their name comes up for a login in Hotmail or any other Passport login, the password window should be gone. I'm tired of hackers in the Netherlands, Denmark, Germany and Russia trying to steal my identity. Please hurry up and make this a reality for Hotmail Bill. I'm glad someone at Microsoft is finally addressing this pandemic problem.

[jasmr]

How do you mean hacked?

Sorry I replied to the whole story not this post. I am really curious to know what you mean by having your Hotmail account being hacked.

[arcadefx]

Windows Defender

Ok, I downloaded it, ran it and it said my system was clean.

I ran "SpyBot Search & Destroy" and "Lavasoft Ad-aware" on the same box. They both found stuff, 10-14 things.

What is Windows Defender defending?

[Macsaresafer]

It is defending

Microsoft's income stream. Nothing else.

[jharder]

Inspired by...

Bill must have found Keychain while he was tearing OS X apart to
find more "inspriation" for Vista's "innovation".

[Bob Brinkman]

I never realized

That Apple invinted the smartcard. I mean, I knew the wheel, thermodynamics and the automobile was all Steve Job's doing.

[209979377489953107664053243186]

There are already non-password solutions out there

Gates is right, but he's not the first to say that passwords and key enchanges are onerous and problematic. Essential Taceo offers encryption and DRM authoring controls without the need for password exchange, but instead works similar to Acrobat - you just need to download and register for Taceo, which is free, to view protected email and attachments.

http://www.essentialsecurity.com/features.htm

Acrobat? That's your golden standard?

We've all seen how successful Adobe was with trying to protect PDFs...not very. I can pick up a PDF password cracker in my cereal box these days ¬_¬

[jasmr]

How do you mean hacked?

I am really curious to know what you mean by your Hotmail account being hacked?

[sroyeton]

End to passwords?

Although this is something to enjoy, if Micro$oft is developing it, it will be difficult to use, full of holes (security) and need to be updated every few months.

[GTOfan]

two-faced?

I bought a Microsoft fingerprint keyboard, so I could get rid of my passwords list, or at least not have to type them in everytime I start a program or visit a website.

Guess what? I find after the purchase that Microsoft warns not to use the fingerprint reader for anything important because the file where the collection of web-passwords is kept is apparently unencrypted or minimally encrypted on the hard drive. Now really, how hard would it be to secure the file with a bazillion-bit encryption built into the reader-driver?

Is this M$'s idea of security? Looks good on the surface, but is easily circumvented if someone gains access to your computer?

[ahickey]

Anti-Spyware Comment

Having MS provide the default anti-spyware app effectively gives them control of what goes on and what is kept off your system.
Now that's control.

With the InfoCard system I expect (much like Passport) they will also have some control over what you are doing.

So, they control what goes on or stays off your system and also knows where you are accessing.

It's nice to see the status-quo has been maintained.

[Earl Benser]

Ol' Bill could be right....

... but the InfoCard certainly isn't the answer. At least, nothing MS
has said so far gives the concept any credibility as a password
replacement. After Passport, and now InfoCard, I think that I'll stay
with passwords.

[wbenton]

Good one Billy... (* ROFLOL *)

So how does one go about using that InfoCard? Just slot it in the PC and away you go? (* ROFLOL *)

There would have to be some kind of password protection to the card itself or else anybody could just slot it in and away they go.

Sorry Billy... but this wet dream about doing away with passwords has already curdled.

Walt

[DeusExMachina]

For heaven's sake, read this before you post

In a probably poinless attempt to prevent further unecessary, misinformed postings, please note:
INFO CARD IS NOT AN ACTUAL CARD. There is no mag stripe, no smart chip, no plastic, no card reader. It is a SOFTWARE authentication system that saves a user from having to transmit personal or financial information.
InfoCard is only a NAME. Seriously, does anyone even bother to read anymore?