Microsoft admits 'Passport not secure enough'

NEWS Microsoft has admitted its Passport platform isn't yet good enough for banking applications. But the software giant responded to the avalanche of angry feedback following Egg's decision to adopt Passport by insisting it will work with Egg and others to make it secure enough for online banking. Microsoft has also admitted it has a mountain to climb in terms of user acceptance of the system. Richard Hamblen, Microsoft's .NET UK marketing manager, said: "We recognise that currently Passport isn't fit for doing banking transactions, right now there are certain applications it's not suited to. But this is why we are working with people like Egg to get it up to that level." His words mirrored those of Dana Cuffe, CIO of Egg, who spoke to silicon.com on Friday. Cuffe said: "Microsoft and Egg would never roll out anything that wasn't absolutely secure for banking. Passport is moving towards this goal, which is why we are adding the ability to include extra levels of authentication such as smartcards and biometric tests to the system." He also insisted the single sign-on model exemplified by Passport was inherently more secure than other web security models and would be the best way to ensure consumer safety. The comments come after silicon.com revealed Egg's intention to move towards using Passport to authenticate its customers, prompting a huge response from nervous Egg customers unhappy about Microsoft's record on security. Hamblen admitted customer perception is a problem, but insisted people were confusing highly publicised problems with Microsoft's IIS software with Passport. He said: "We have a lot of work to do on our reputation - this is undoubtedly going to be a long journey for us, we know we've got to build trust." He denied the development of Microsoft's over-arching .NET strategy will be stymied by the fears over Passport, one of the foundations of the strategy. Hamblen's assertions about the strength of Passport came despite news over the weekend that a flaw was uncovered which could give hackers access to customer details. Microsoft says the problem has been solved.