Hotmail Blocks Common Passwords, Adds My Friend's Been Hacked Reporting
Ghacks readers know that online security is of uttermost importance. That includes picking passwords that are not common like easy to guess or dictionary words.
The majority of Internet users on the other hand select convenience over security when it comes to their online passwords, or shall I say password. Many users pick a common password that they can easily remember, like qwertz, 123456, names or the almighty password password.
Problem is, malicious users know the common passwords and will try those first when they try to break into an online account.
Hotmail today has announced that the company has started to block common passwords to prevent users from using them. This provides better protection against brute force attacks. Dick Craddock, Hotmail group product manager notes that common passwords are not just password or 123456â€, but also words or phrases like ilovecats or gogiants.
The feature will be rolling out soon. It will not affect users who use a weak password, at least not for now, but Microsoft hints at the possibility that this might change in the future. For now, only users who register a new Hotmail account or change their password are benefiting from the new ruling.
Microsoft furthermore suggests to add alternate account ownership "proof" to the Hotmail account, like a secondary email address, question and secret answer or a mobile phone number to aid in the recovery of accounts.
The second security related change is the new "my friend's been hacked!" feature which is available under the Mark As menu on Hotmail.
Friends are supposed to use the new reporting option when they know that their friend's account has been hacked. This is for instance the case when they receive spam emails from the friend's email address or when the friends notifies them about it.
Selecting the option gives Hotmail's compromise detection engine another factor or signal to identify a user account as hijacked, compromised or hacked.
When the detection engine comes to that conclusion it blocks account access so that it cannot be longer accessed by the spammer. It furthermore opens up account recovery options for the account owner. It is likely that the attacker's IP gets blocked in the process to prevent access to those recovery options.
Even better, Hotmail will report compromised email accounts to Yahoo Mail and Google Mail as well, so that these providers can use the information on their system.
Hotmail introduced the feature a few weeks ago to selected accounts.
Two security features, one to improve overall account security, the other to reduce the damage caused by hacked accounts. More information about Hotmail's new Security features are available at the official Windows Team Blog.
Update: The "My Friend's been hacked" feature is not available on Outlook.com recently.
Wow, That the best ever way to tag people you hate as spammers and block them from Hotmail. What a fail.
If it is used as one signal of many, it could work.
It’s about time! Hope other e-mail providers follow similar approach as well.