Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting - gHacks Tech News

Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting

Ghacks readers know that online security is of uttermost importance. That includes picking passwords that are not common like easy to guess or dictionary words.

The majority of Internet users on the other hand select convenience over security when it comes to their online passwords, or shall I say password. Many users pick a common password that they can easily remember, like qwertz, 123456, names or the almighty password password.

Problem is, malicious users know the common passwords and will try those first when they try to break into an online account.

Hotmail today has announced that the company has started to block common passwords to prevent users from using them. This provides better protection against brute force attacks. Dick Craddock, Hotmail group product manager notes that common passwords are not just password or 123456”, but also words or phrases like ilovecats or gogiants.

The feature will be rolling out soon. It will not affect users who use a weak password, at least not for now, but Microsoft hints at the possibility that this might change in the future. For now, only users who register a new Hotmail account or change their password are benefiting from the new ruling.

Microsoft furthermore suggests to add alternate account ownership "proof" to the Hotmail account, like a secondary email address, question and secret answer or a mobile phone number to aid in the recovery of accounts.

The second security related change is the new "my friend's been hacked!" feature which is available under the Mark As menu on Hotmail.

my friends been hacked

Friends are supposed to use the new reporting option when they know that their friend's account has been hacked. This is for instance the case when they receive spam emails from the friend's email address or when the friends notifies them about it.

Selecting the option gives Hotmail's compromise detection engine another factor or signal to identify a user account as hijacked, compromised or hacked.

When the detection engine comes to that conclusion it blocks account access so that it cannot be longer accessed by the spammer. It furthermore opens up account recovery options for the account owner. It is likely that the attacker's IP gets blocked in the process to prevent access to those recovery options.

Even better, Hotmail will report compromised email accounts to Yahoo Mail and Google Mail as well, so that these providers can use the information on their system.

Hotmail introduced the feature a few weeks ago to selected accounts.

Two security features, one to improve overall account security, the other to reduce the damage caused by hacked accounts. More information about Hotmail's new Security features are available at the official Windows Team Blog.

Update: The "My Friend's been hacked" feature is not available on Outlook.com recently.

Summary
Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting
Article Name
Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting
Description
Microsoft announced two security additions to its Hotmail email service recently that improve security for all users of the service.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. ilev said on July 15, 2011 at 11:43 am
    Reply

    Wow, That the best ever way to tag people you hate as spammers and block them from Hotmail. What a fail.

    1. Martin Brinkmann said on July 15, 2011 at 11:54 am
      Reply

      If it is used as one signal of many, it could work.

  2. TRY said on July 15, 2011 at 5:55 pm
    Reply

    It’s about time! Hope other e-mail providers follow similar approach as well.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.