Windows guru Brian Livingston: Your Passport, please: “Windows 9x and Me store your user name and password as plain text in memory every time you dial an ISP and store the text for 10 minutes after you’ve disconnected. Many PCs are silently infected with Trojan horses that can easily read this information. People who use Microsoft’s Passport authentication system, as all Hotmail customers are required to do, are likely to choose the same password for Passport and their dial-up account. With this password, a hacker can access any credit card numbers or other accounts that Passport has recorded.

(Microsoft) apparently decided not to issue a patch because users can upgrade to Windows NT/2000/XP, all of which correctly encrypt the sensitive information.” InfoWorld