A few words on Azure security

The Azure security is offensively basic.

The fact that it only takes one Windows Live Id to log in and administer the Windows Azure account is just as scandalous as it would be if your bank were using only a login and a password to enter your online banking and manage transactions.

* By the way, if your bank uses anything less than an external keypad device to generate a random authentication every time you log in, then you should seriously consider finding a different bank to work with.

What security should be like, if we cared

What security should be like, if we cared

Anyway, the problem with using Windows Live Id is that it is not solely used to administer many other things aside from your Windows Azure account. Windows Live Id is a Single Sign On mechanism!

Let me see: would I use my Windows Live Id to log in to my bank? No.

Why would I use it as a login to one of the most valuable assets I have, then? My company data is not less valuable than my bank account data, and yet, the Windows Azure is as secure as my grandma’s goat barn.

What security should be if we didn't care too much (Windows Azure)

What security should be if we didn’t care too much (Windows Azure)

Funny story: sometimes I ride the train to work and as I stand there bored for 30 minutes, I inevitably see someone typing their password to log in to Facebook, MSN, Twitter or whatever service you like. And I can’t really help but notice the characters entered…

My point is, that it is just a matter of riding the train more often until I manage to see someone entering their Windows Live Id and password on their mobile device. Or someone administering their Azure portal from the tablet device on the train.

As a conclusion: I don’t see how I would be using Azure before the security is improved.

 

 

Comments are closed.