Ghacks readers know that online security is of utmost importance. That includes picking passwords that are not common, such as easy-to-guess strings or dictionary words.
The majority of Internet users, on the other hand, choose convenience over security when it comes to their online passwords, or shall I say password. Many users pick a common password that they can easily remember, like qwertz, 123456, names or the almighty password "password".
Problem is, malicious users know the common passwords and will try those first when they try to break into an online account.
Hotmail has announced today that the company has started to block common passwords to prevent users from using them. This provides better protection against brute force attacks. Dick Craddock, Hotmail group product manager, notes that common passwords are not just "password" or "123456", but also words or phrases like "ilovecats" or "gogiants".
The feature will be rolling out soon. It will not affect users who already use a weak password, at least not for now, but Microsoft hints at the possibility that this might change in the future. For now, only users who register a new Hotmail account or change their password benefit from the new rule.
Microsoft furthermore suggests adding alternate account ownership "proof" to the Hotmail account, like a secondary email address, a question and secret answer, or a mobile phone number, to aid in the recovery of accounts.
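The rollout described above, checking new passwords while leaving existing weak ones alone, can be sketched as follows. This is an added example, not Hotmail's code: the `AccountStore` class, its method names and the case-insensitive matching are assumptions, and the blocklist is a constructed sample holding only the passwords named in this article.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed sample list: the passwords the article names. A real list is far larger.
COMMON_PASSWORDS = {"password", "123456", "qwertz", "ilovecats", "gogiants"}


class PasswordRejected(ValueError):
    """Raised when a new password is on the common-password list."""


def is_common(candidate: str) -> bool:
    # Assumption: match case-insensitively after Unicode normalization,
    # so "ILoveCats" is treated the same as "ilovecats".
    folded = unicodedata.normalize("NFKC", candidate).casefold()
    return folded in COMMON_PASSWORDS


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AccountStore:
    """Hypothetical in-memory account store."""

    def __init__(self):
        self._records = {}  # user -> (salt, derived key)

    def _store(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, _derive(password, salt))

    def import_existing(self, user: str, password: str) -> None:
        # Accounts created before the rule existed: stored without the check.
        self._store(user, password)

    def set_password(self, user: str, new_password: str) -> None:
        # Registration and password change both pass through here.
        if is_common(new_password):
            raise PasswordRejected("password is too common, choose another")
        self._store(user, new_password)

    def login(self, user: str, password: str) -> bool:
        # No blocklist check at login: existing weak passwords keep working.
        if user not in self._records:
            return False
        salt, expected = self._records[user]
        return hmac.compare_digest(_derive(password, salt), expected)
```

Extending the rule to existing users later, as Microsoft hints, would mean running the same `is_common` check at login and forcing a password change on a match.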
The second security related change is the new "my friend's been hacked!" feature which is available under the Mark As menu on Hotmail.
Friends are supposed to use the new reporting option when they know that their friend's account has been hacked. This is, for instance, the case when they receive spam emails from the friend's email address or when the friend notifies them about it.
Selecting the option gives Hotmail's compromise detection engine another factor or signal to identify a user account as hijacked, compromised or hacked.
When the detection engine comes to that conclusion, it blocks account access so that the account can no longer be accessed by the spammer. It furthermore opens up account recovery options for the account owner. It is likely that the attacker's IP gets blocked in the process to prevent access to those recovery options.
Even better, Hotmail will report compromised email accounts to Yahoo Mail and Google Mail as well, so that these providers can use the information on their system.
Hotmail introduced the feature a few weeks ago to selected accounts.
Two security features, one to improve overall account security, the other to reduce the damage caused by hacked accounts. More information about Hotmail's new security features is available at the official Windows Team Blog.
Update: The "My Friend's been hacked" feature has not been available on Outlook.com recently.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.