SAN JOSE, Calif.—Microsoft chairman Bill Gates, speaking on Feb. 14 at the RSA Conference here, acknowledged that weaknesses in the “trust ecosystem” could put a damper on the future of secure digital computing.
Gates pointed to the tangled state of password management as one area that desperately needs improvement and issued a call for partners in the industry to help build trust among computer users.
“If you look at the security systems that are out there, we are not achieving simplicity. The number of things people have to keep track of is probably an order of magnitude more than it needs to be. If there’s an area where we absolutely have to do dramatically better, this is it,” Gates said.
In a presentation that included the first public demo of Microsoft’s InfoCard federated ID initiative, Gates described existing password systems as a major “weak link” and urged a big push toward trust-based, multifactor authentication systems to help solve the problem.
“Password systems [today] just aren’t cutting it,” he said. “I’m not pretending that we’re going to move away from passwords overnight, but for corporate systems, this change can happen over three to four years.”
He said Microsoft, based in Redmond, Wash., would release within the next year a set of technologies built on an identity metasystem and a new version of the Active Directory service, which will include an identity provider that integrates with the identity metasystem.
Gates said InfoCard will be delivered as part of WinFX, the company’s managed code programming model, and will support Windows Internet Explorer 7 on Windows Vista, Windows XP Service Pack 2, and Windows Server 2003 Service Pack 1 and R2.
When IE 7 ships later this year, the browser will use color-coded schemes to help users identify trusted Web sites and to sound a warning if a Web site is trying to download malicious software onto the user’s computer.
Microsoft said it believes InfoCard will reduce the reliance on user name and password authentication and help deal with the rise in phishing and other identity theft attacks.
During his hour-long speech, Gates urged the industry to adopt four principles to help drive a vision of a secure computing world: a trust ecosystem, security engineering, simplicity and fundamentally secure platforms.
He spoke of Microsoft’s advances in the four areas, touting the SDL (Security Development Lifecycle) as a significant model for helping businesses create Internet-facing products with security atop the priority list.