Greenspun's comments about Microsoft's refusal to learn from others' mistakes rings painfully true in this article. Just as it took Unix and its key programs years to go from weak, convenience-oriented security to something trustworthy, Microsoft seems committed to pursuing the same path. I've refused to use Passport knowing the security track record of the company behind it, but this article makes all my concerns concrete. It will be a terribly funny day (in a tragic, comeuppance sort of way) when "production" Passport is cracked in a way that leads to the abuse of thousands of credit cards. And we all know that that day will come.
