I've spent a lot of time bad-mouthing .NET Passport this year in .NET UPDATE, but Microsoft finally seems to be addressing customer complaints and making the service more useful. In this issue, I examine the changes Microsoft is making to .NET Passport and how the service has evolved over time.
Like many so-called .NET technologies, .NET Passport began life long before .NET ever existed. And .NET Passport's background is particularly interesting because the service was originally developed by Firefly Network, a small Massachusetts company, in the mid-1990s. The Firefly Passport service was designed to provide personalized experiences on the Web; the service could recommend Internet content to users based on the sites that users visited and could also provide targeted advertising to users. Microsoft bought Firefly Network in early 1998, promising to make the smaller company's privacy technologies widely available to Microsoft's customers.
After Firefly moved to Microsoft's Redmond campus, the software giant set about transferring Firefly's technology into Microsoft Passport, originally billed as a universal Web registration system. The service provided a single sign-on (SSO) that users could employ on protected Web sites that required user logons, and also provided eWallet services, so that users wouldn't need to reenter their credit card information each time they visited e-commerce sites. The company introduced its Microsoft Passport service in March 1999.
However, Microsoft wasn't able to enlist many Web sites or consumers to use Passport, so the company later integrated the technology into many of its connected products, including MSN, MSN Hotmail, MSN Messenger, and, finally, Windows itself in the late 2001 Windows XP release. By making Passport registration a requirement for these products, Microsoft was ostensibly able to make Passport a fairly popular service, but it's no exaggeration to say that few users were interested in Passport per se. Instead, most customers subscribed to Passport because they had to in order to use a product, typically Hotmail, that they did want. Eventually, Microsoft overhauled Passport, like so many other products, to make it a .NET technology and later renamed the service .NET Passport.
As I discussed in the August 22, 2002, .NET UPDATE, Microsoft recently settled with the Federal Trade Commission (FTC) over complaints about deficiencies in .NET Passport's privacy and security features. Part of this settlement requires the company to beef up the service's security and privacy to better protect users. This week, concrete evidence of these changes is finally emerging, although I should note that Microsoft has been working on some of these changes for some time. Here's what we know so far.
First, the company has begun notifying .NET Passport users—primarily Hotmail account holders—about certain changes to security. A primary policy change is that new .NET Passport customers can't supply a bogus email address when joining the service, as was acceptable in the past. This policy change addresses the problem of malicious users appropriating an innocent user's email address to open a .NET Passport account, a practice that garnered many complaints. Second, Microsoft has redesigned its authentication services so that the servers that host .NET Passport's logon Web pages are on a different network than the servers that host the service's authentication components. This change will make it harder for hackers to spoof Passport's authentication components, Microsoft says.
Additionally, Microsoft is making it possible to change a Kids Passport account into a standard .NET Passport account. The company made this change so that users who register for .NET Passport and enter the wrong birth date by mistake (thus accidentally creating a Kids Passport account) can easily convert the account to .NET Passport. The company will require a credit card or similar proof-of-adulthood for a user to make this change, however.
Also, users can close their .NET Passport accounts much more easily now. Doing so was difficult or even impossible in the past. Now, users can access an online tool to close a .NET Passport account.
Finally, Microsoft has released a new version of its eWallet feature and will phase the new version in to .NET Passport through next March. A number of retailers, such as Blue Nile, FogDog Sports, Kmart, Nordstrom, OfficeMax, RitzCamera.com, and The Sports Authority, have enlisted in the new service, dubbed MSN Wallet, although whether MSN Wallet will be any more successful than eWallet is anybody's guess. The difference this time around is that MSN Wallet is more streamlined than eWallet and is integrated with MSN eShop sites, offering users fewer logon requirements. The company is planning future promotions—such as online coupons and member-only special deals—to drive MSN Wallet usage.
These changes mean .NET Passport is becoming safer, easier, and more secure, and that the oft-touted but little used eWallet functionality might actually start getting a workout. Whether users will embrace a central eWallet is unclear, of course, but seeing Microsoft refine a service that should be crucial to the future of the Web is heartening. Seeing how the company promotes and expands MSN Wallet will be interesting.