Hotmail Announces Email Security Updates

Microsoft said on Monday that it has started to improve its email service Hotmail with security updates that protect legitimate user accounts from being hijacked.
The term hijacker refers to malicious users who manage to get access to email accounts of Hotmail users, either by brute force, phishing or other forms of social engineering.
Like Microsoft, Hotmail users need to understand security concepts to keep their accounts safe. To support their users, Microsoft has created a short list of tips to protect the account. The list includes the following security tips:
- Create a strong password
- Use antivirus software
- Add security information to your account
- Don’t sign in on a computer you don’t trust
- Don't share your password
- Check the address that appears in the address bar when you sign in
Microsoft has identified a shift in the strategy of hijackers, who in the past used newly created accounts for spamming purposes. Better recognition cut down on the effectiveness of those methods, which is why hijackers have started to target legitimate email accounts as well.
With today’s release, we are taking a step forward by detecting compromised email accounts, those co-owned by the legitimate user and the hijacker. We detect them with high confidence using heuristics based on login and account activity, and stop the abuse by locking the hijacker out and closing back doors they may have set up, like using vacation auto reply messages to send spam. At the same time, we begin working with the rightful owner to reclaim the account, recognizing the urgency of the issue.
Hotmail is now able to detect accounts that have been hijacked. It uses automatic routines to lock the hijacker out of the account and works with the account owner to restore it. Up until now, account owners could restore an account with an alternative email address that they had set up or with the answer to a security question. From today on, two additional proofs are available for account recovery:
“Trusted PC” is a unique new proof that lets you link your Hotmail account with one or more of your personal computers. Then, if you ever need to regain control of your account by resetting your password, you simply need to be using your computer and we will know you are the legitimate owner.
The second new proof option is your cell phone number, where Hotmail will send a secret code via SMS that can be used to reset your password and reclaim your account.

Both new proofs can be configured in the Account overview window. To prevent hijackers from changing those proofs, users now need access to one existing proof before they can change them. A hijacker would therefore need access to the security answer, secondary email account, mobile phone or trusted PC to change the proofs.
Email providers like Hotmail do well to improve the security of their services, considering that they really missed out on those improvements over the past years.