A Microsoft account allows users to sign in to websites that support this service using a single set of credentials; these usernames take the same form as an email address.
A new user signing in to a Microsoft account-enabled website is first redirected to the nearest authentication server, which asks for a username and password over an SSL connection.
[9] Microsoft Passport, the predecessor to Windows Live ID, was originally positioned as a single sign-on service for all web commerce.
As a consequence, Microsoft Accounts are not positioned as the single sign-on service for all web commerce, but as one choice of many among identity systems.
A Linux consultant, Michael Chaney, paid it the next day (Christmas), hoping it would solve this issue with the downed site.
[11] In autumn 2003, a similar good Samaritan helped Microsoft when they missed payment on the "hotmail.co.uk" address, although no downtime resulted.
As part of the settlement, Microsoft was required to implement and maintain a comprehensive security program, as well as being prohibited from misrepresenting information practices.
[18] In August 2009, Expedia sent out a notice stating that they no longer support Microsoft Passport / Windows Live ID.
[25][26] On June 17, 2007, Erik Duindam, a web developer in the Netherlands, reported a privacy and identity risk, saying a "critical error was made by Microsoft programmers that allows everyone to create an ID for virtually any e-mail address."
The verification link then caused the Windows Live ID system to confirm the account as having a verified email address.
The company was notified of the flaw by researchers at Vulnerability Lab on the same day[29] and responded with a fix within hours — but not before widespread attacks as the exploitation technique spread quickly across the Internet.