EU data protection regulators have indicated they remain concerned about online authentication. They ended a two-day meeting in Brussels by recommending further scrutiny for Microsoft's Passport and similar services from other companies.
But they have stopped short of launching a formal investigation.
Passport is by far the most widely-used system for remembering multiple passwords for online services.
The aim is to allow users to quickly access personal information and make purchases without re-typing their details.
It's the lynchpin of Microsoft's .NET strategy to extend its products and services on to the internet.
The regulators, who meet monthly, were responding to complaints that Passport collects information without the user's knowledge.
They said "a number of elements raise legal issues and, therefore, require further consideration", but refused to characterise the process as a formal investigation.
Microsoft has insisted that Passport fully complies with European laws.
Senior attorney Peter Fleischer said the company "remains committed to continued, open dialogue with national authorities... to help us improve our products and to enhance privacy-enabling technologies".