OK.. Just one more thing after reading Livingston articles (which I think were a waste of time by a known Microsoft basher).

Passport - Ruffles is correct, you don't have to sign-up for passport. The big thing is that Livingston claims Passport continuely sends out your password. THIS IS WRONG WRONG WRONG. Passport uses the authentication scheme called Kerberos which is a distributued network authenication scheme created at MIT.

Here is a little description:
Kerberos
A scheme for establishing an authenticated identity for a user and sharing that identity securely with distributed computing services, the Kerberos protocol is named for a three-headed dog that guarded the entrance to Hades. Kerberos authenticates a user using a combination of their identifier (or principal) and a password known only to them. It can also encrypt communication across networks.
An application is said to be kerberized if it can supply or retrieve authentication information using the kerberos protocol.

Using this scheme the users password is only sent over the network ONCE (when you signup for a Passport account). And when that password is sent it is encrypted using Triple DES.

When a user goes to a passport site, a request is sent to the passport server. The server then creates an encrypted ticket for you and sends it back to your computer. If your password (either stored on your computer or in your brain) can open the ticket, you are then allowed to enter the website you are trying to get into. To add more security, tickets expire within a short timeframe.

Hope that helps clear up Passport security a little.