Microsoft adds an ounce of hacking prevention to Hotmail
Microsoft introduced a new feature within Hotmail on Thursday that it hopes will assist the company in detecting compromised accounts, as well as prevent users from locking their accounts with passwords that are easily guessed by attackers. The company's thinking is that you will know your friend's account was hacked well before Microsoft would.
"When someone's account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts," Hotmail group program manager Dick Craddock said.
Hotmail is adding an option to the "Mark As" menu that says "My friend's been hacked!" Clicking on this option would send a report to Microsoft's servers. In turn, behind the scenes Hotmail's compromise detection system also works to determine if an account has been hacked.
If it is determined that the account has indeed been hijacked, the account is locked down. Essentially, the reporting function now acts as an additional layer of human confirmation of what Microsoft's compromise detection algorithms may believe. Microsoft, however, also is offering its compromise reports to other e-mail providers.
Craddock said the company had worked out arrangements with both Google and Yahoo to send reports to those providers as well. In all, since the feature was launched in a test phase several weeks ago, Craddock said it had already been used to detect and recover "thousands" of compromised accounts.
In an effort to prevent hacked accounts in the first place, Hotmail will soon block common passwords from being used. There are quite a few passwords out there that are used by thousands if not millions of users, making these accounts easy to hack.
The service will also begin asking those with common passwords to change them to less common and easily-guessed ones in the near future.