Hotmail forces password update with new security features - GMANews.TV

Microsoft has introduced two new measures in its Hotmail service to combat the hijacking of email accounts, including forcing users to strengthen their passwords.

Dick Craddock, group program manager for Hotmail, said they had noticed many accounts have weak passwords that make them easy targets for hijackers.

"We will now prevent our customers from using one of several common passwords. Having a common password makes your account vulnerable to brute force 'dictionary' attacks, in which a malicious person tries to hijack your account just by guessing passwords (using a short list of very common passwords)," he said in a blog post.

He said "common passwords" include words or phrases that just happen to be shared by millions of people, like "ilovecats" or "gogiants."

Craddock said the new feature will prevent a Hotmail user from choosing a very common password when signing up for an account or changing a password.

"If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password," he said.

Users may also be asked to provide proofs, including an alternate email address, a question and secret answer, and even a mobile number that Microsoft can reach via text message.

A second mechanism lets a Hotmail user report a friend's email account as compromised.

"When you get that spam message supposedly from your friend, you just click 'My friend's been hacked!' on the 'Mark as' menu," Craddock said.

One can also report an account as compromised by marking a message as junk or otherwise moving a message to the Junk folder.

"When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest 'signals' to the detection engine, since you may be the first to notice the compromise. So, when you help out this way, it makes a big difference!" Craddock said.

Once the account is marked as compromised, the person using it is put through an account recovery flow that helps take back control of the account.

Craddock said the new mechanism allows other email providers like Yahoo! and Gmail to receive these compromise reports from Hotmail.

"So now, in Hotmail, you can report any email account as compromised, and Hotmail will provide the compromise information to both Yahoo! and Gmail," he said.

So far, he said accounts reported as compromised are typically returned to the rightful owner "within a day." TJD, GMA News
