For a while now Bill Gates, has bemoaned the inherent security risk associated with passwords, but at the RSA Conference in 2006, Microsoft’s head honcho outlined a new identification technology called InfoCard designed to make life simpler for users on the Net.
Passwords are difficult to remember and easy targets for phishers who look to tempt the unwary into giving up their precious details. Coming up with a workable alternative, however, has taxed the minds of many with some banks looking to a token based two-factor authentication system.
InfoCard technology holds out the possibility that users will be able to sign into a website without the need to type in a password or username. I know this sounds suspiciously like Microsoft’s ill-fated Passport scheme, but this time there is a big difference: InfoCard is a federated identity system with no information held on Microsoft’s servers, avoiding the whole all of your eggs in one basket scenario.
In effect the technology will act as a kind of “virtual wallet” where users can store the details and password that they can use to identify themselves on various sites, much like your wallet stores a number of different credit cards.
You can read more about how the technology works at Kim Cameron’s Identity Blog.
InfoCard has been talked about before but the conference marked the first time the software giant has shown how it might work. The software giant is putting its money where its move is and will integrate InfoCard into Windows XP, the forthcoming, if forever delayed, Vista, and Internet Explorer 7.
Ultimately, however, whether the technology takes-off will depend not on Microsoft but on the banks and whether web site owners will undertake the necessary development work essential for the technology to work.
Only time will tell if Microsoft’s second stab at identity management proves anymore successful than the ill-fated Passport, now largely reduced to a login for MSN sites.