In an effort to beef up its security, Microsoft has introduced two new measures in its Hotmail service to address the problem of email account hijacking. The first is a ban on common or flimsy passwords like "123456" or "password", to keep accounts from being targeted by hackers who use trial-and-error techniques to crack passwords.
Dick Craddock, Microsoft's group program manager for Hotmail, said that the new feature would be implemented soon and would prevent Hotmail users from choosing a very common password while signing up for an account or changing the password on an existing one.
"If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password," he added.
Users may also be asked to provide proofs, including an alternate email address, a question and secret answer, and even a mobile number that Microsoft can reach via text message.
Craddock further posted on the Microsoft blog that such measures were being undertaken as having a common password made a user's account vulnerable to brute force 'dictionary' attacks, in which a malicious person tries to hijack your account just by guessing passwords.
According to Craddock, common passwords like "ilovecats" or "gogiants" were shared by millions of people.
The second feature is a new option on the "Mark as" menu in Hotmail called "My friend's been hacked!", meant to address viruses and spam and help users regain control of their account as soon as possible.
Often Hotmail users receive strange spam email from their contacts - usually the result of a virus or malware that somebody has clicked on in another email. Now users have a way of combating that by choosing the "My friend's been hacked!" option. An automated message will be sent to Microsoft, and the email account in question will then be put through Microsoft's compromise detection engine to determine if it has in fact been used for illegitimate spam purposes.
If it is detected that the account has in fact been used for such purposes, the account will be blocked to spammers and put through a recovery process to ensure the owner of the account regains full control.
This feature is also a handy way to detect whether an account has been hacked, as a user can usually tell that a friend's account has been compromised because the hacker would use the account for uncommon activity, such as sending phishing emails or spam to the friend.
"We've had this feature turned on for only a few weeks, and we've already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their account," said Mr Craddock.
Microsoft said alerts will also be shared with Google and Yahoo! when a Hotmail user receives spam from a friend's Gmail or Yahoo! Mail account.
Following the increasing instances of cyberhacks, Microsoft's new measure to force users to come up with stronger passwords is indeed a progressive step towards combating email hijacking.