Microsoft Improves Hotmail Security

I'm currently plotting my migration away from Gmail and to Microsoft's email services, so this is interesting timing for me. In the past few weeks, Microsoft has announced a number of improvements to its free web-based email service, Hotmail. And while I had covered one of the previous updates, regarding dramatic performance improvements, I'm a bit behind on two others. They're equally important.

SSL support

Last year, Microsoft added full-session HTTPS encryption (SSL) support to Hotmail, allowing customers to access the service via the web in a far more secure manner. But customers who enabled this feature then lost the ability to access Hotmail through Microsoft's desktop email clients, Windows Live Mail and Outlook (the latter via Outlook Connector). So those who wished to access Hotmail via an application had to disable secure SSL support.

About 10 days ago, however, Microsoft announced that this limitation is over: The company is now allowing SSL protection via Windows Live Mail and Outlook, so you'll no longer need to choose. Furthermore, the number of Windows Live web sites that support SSL has been dramatically increased, Microsoft says, though I don't see a list anywhere.

You can (and should) enable SSL support for Hotmail and other Windows Live services through the Windows Live account management site.

Account hijacking

You've all seen this: You receive a spam email, but it's from someone you actually know (a friend, family member, or other contact), and it typically comes from an older Hotmail- or AOL-based email account that maybe they've stopped using. (Though not always.) This is called account hijacking, and it's a brilliant way to spread viruses and other malware because less sophisticated users will click on hyperlinks in the messages. After all, the email is from a trusted sender. So what could go wrong?

Microsoft implemented account hijacking protection in Hotmail last year, but this past week the company announced a few new features that will help further combat this issue.

First, there's a new "My friend's been hacked!" choice in the "Mark As" menu in the web-based Hotmail interface. (I'd like to see this appear in Windows Live Mail and Outlook, too. Hint, hint.) This lets you quickly alert Microsoft that an account has been compromised so that it can monitor the behavior of the account. If it is indeed sending out spam, Microsoft will prevent its use in that fashion and your contact will be forced through an account recovery process the next time they log on.

(Interestingly, this feature works with Gmail and Yahoo Mail accounts, too, according to Microsoft: "those providers will now be able to use the compromise reports in their own systems to recover hacked accounts.")

Second, Hotmail is now actively preventing customers from using one of several common passwords, such as "password" or "123456". If you try to use a ridiculous password with Hotmail, you'll be denied. This new feature will be rolling out soon, Microsoft says. But what appears to be missing is a proactive scan of existing passwords, where easy passwords are flagged and those account holders are forced to change to something more secure. Perhaps that will come in the future.
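One way to combine the common-password rejection described above with a check on existing accounts, as an added example that is not code from the article or from Microsoft: because a service should hold only salted hashes, a legacy weak password is flagged at the next successful login, when the plaintext is briefly available. `AccountStore`, `is_common`, the PBKDF2 work factor, and every blocklist entry beyond "password" and "123456" are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample blocklist; the article names only "password" and "123456".
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def is_common(password: str) -> bool:
    """Case-insensitive, whitespace-trimmed blocklist match."""
    return password.strip().casefold() in COMMON_PASSWORDS


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AccountStore:
    """Hypothetical in-memory account store holding only salted hashes."""

    def __init__(self):
        self._accounts = {}  # user -> {"salt", "hash", "must_change"}

    def set_password(self, user: str, password: str, enforce: bool = True) -> bool:
        """Reject blocklisted passwords when enforce is True (the new policy)."""
        if enforce and is_common(password):
            return False
        salt = os.urandom(16)
        self._accounts[user] = {"salt": salt, "hash": _hash(password, salt),
                                "must_change": False}
        return True

    def login(self, user: str, password: str) -> str:
        """Return 'denied', 'ok', or 'change_required'."""
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(acct["hash"],
                                                   _hash(password, acct["salt"])):
            return "denied"
        # The plaintext is only available here, so a legacy weak password
        # is caught at the next successful login rather than by a stored-data scan.
        if is_common(password):
            acct["must_change"] = True
        return "change_required" if acct["must_change"] else "ok"
```

Passing `enforce=False` to `set_password` stands in for an account created before the policy existed.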

On a related note, Microsoft says you can also make your Hotmail account (and thus your Windows Live ID) more secure by using account proofs.
