Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting

Martin Brinkmann
Jul 14, 2011
Updated • Dec 16, 2014

Ghacks readers know that online security is of utmost importance. That includes avoiding common passwords, such as easy-to-guess strings or dictionary words.

The majority of Internet users, on the other hand, choose convenience over security when it comes to their online passwords, or shall I say password. Many users pick a common password that they can easily remember, like qwertz, 123456, names or the almighty "password".

The problem is that malicious users know the common passwords and will try those first when they try to break into an online account.

Hotmail announced today that it has started to block common passwords to prevent users from using them. This provides better protection against brute force attacks. Dick Craddock, Hotmail group product manager, notes that common passwords are not just "password" or "123456", but also words or phrases like "ilovecats" or "gogiants".

The feature will be rolling out soon. It will not affect users who already use a weak password, at least not for now, but Microsoft hints at the possibility that this might change in the future. For now, only users who register a new Hotmail account or change their password benefit from the new rule.

Microsoft furthermore suggests adding alternate account ownership "proof" to the Hotmail account, like a secondary email address, a question and secret answer, or a mobile phone number, to aid in the recovery of accounts.

The second security related change is the new "my friend's been hacked!" feature which is available under the Mark As menu on Hotmail.

Friends are supposed to use the new reporting option when they know that their friend's account has been hacked. This is for instance the case when they receive spam emails from the friend's email address or when the friend notifies them about it.

Selecting the option gives Hotmail's compromise detection engine another factor or signal to identify a user account as hijacked, compromised or hacked.

When the detection engine comes to that conclusion, it blocks account access so that the account can no longer be accessed by the spammer. It furthermore opens up account recovery options for the account owner. It is likely that the attacker's IP gets blocked in the process to prevent access to those recovery options.
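How a friend report can count as one signal among several rather than as a verdict, shown as an added sketch that is not Hotmail's code. The signal names, weights, cap and threshold are all assumptions, since the announcement does not describe how the engine weighs its inputs.

```python
from dataclasses import dataclass, field

# Hypothetical scoring values, in points. Chosen so that friend reports
# on their own can never reach the lock threshold.
LOCK_THRESHOLD = 100
FRIEND_REPORT_POINTS = 20   # per distinct reporter who is a known contact
FRIEND_REPORT_CAP = 60      # ceiling for the friend-report signal
SPAM_BURST_POINTS = 50      # sudden outbound mail flagged as spam
NEW_IP_POINTS = 30          # recent login from an unfamiliar address


@dataclass
class AccountSignals:
    contacts: set                                        # addresses the account corresponds with
    friend_reports: list = field(default_factory=list)  # reporter addresses, may repeat
    outbound_spam_burst: bool = False
    login_from_new_ip: bool = False


def friend_report_score(sig):
    # Count each reporter once and ignore reporters who are not contacts,
    # so one person or a group of strangers cannot stack reports.
    known = {c.lower() for c in sig.contacts}
    reporters = {r.lower() for r in sig.friend_reports} & known
    return min(len(reporters) * FRIEND_REPORT_POINTS, FRIEND_REPORT_CAP)


def assess(sig):
    score = friend_report_score(sig)
    if sig.outbound_spam_burst:
        score += SPAM_BURST_POINTS
    if sig.login_from_new_ip:
        score += NEW_IP_POINTS
    # At or above the threshold: block access and open recovery for the owner.
    action = "lock_and_offer_recovery" if score >= LOCK_THRESHOLD else "monitor"
    return score, action


if __name__ == "__main__":
    # Constructed sample data: two contacts report, one stranger piles on.
    sample = AccountSignals(
        contacts={"ann@example.com", "bob@example.com"},
        friend_reports=["ann@example.com", "Ann@example.com",
                        "bob@example.com", "stranger@example.net"],
        outbound_spam_burst=True,
        login_from_new_ip=True,
    )
    print(assess(sample))
```

With these values, any number of reports without corroborating activity leaves the account in the "monitor" state.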

Even better, Hotmail will report compromised email accounts to Yahoo Mail and Google Mail as well, so that these providers can use the information on their system.

Hotmail introduced the feature a few weeks ago to selected accounts.

Two security features, one to improve overall account security, the other to reduce the damage caused by hacked accounts. More information about Hotmail's new security features is available at the official Windows Team Blog.

Update: The "My Friend's been hacked" feature is not available on recently.


  1. TRY said on July 15, 2011 at 5:55 pm

    It’s about time! Hope other e-mail providers follow similar approach as well.

  2. ilev said on July 15, 2011 at 11:43 am

    Wow, that's the best ever way to tag people you hate as spammers and block them from Hotmail. What a fail.

    1. Martin Brinkmann said on July 15, 2011 at 11:54 am

      If it is used as one signal of many, it could work.
