We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Hotmail gets new security features

Users can reclaim hijacked webmail accounts

Microsoft has added new security features to its Windows Live Hotmail webmail service to help users regain control of hijacked accounts.

Citing a trend of spammers seizing legitimate accounts, Microsoft said it was kicking off new techniques to sniff out compromised Hotmail accounts, as well as giving users more ways to reclaim inboxes snatched by criminals.

Microsoft first touted the features in May, before it rolled out a massive Hotmail upgrade.

Rather than rely on an alternate email address and a single secret question-answer pair for resetting an account password, Hotmail now lets a user set one or more 'trusted PCs' or a mobile phone as proof that he/she is the real owner of the account, said Dan Lewis, a senior product manager with the Hotmail team.

"On other services, if a spammer has [an account's] password, he can change the [password reset] proofs," said Lewis. "But recognising that more accounts are being targeted for comprising, we're not going on the assumption that you only need one proof to reset the password."

In one of the most famous abuses of a password reset feature, University of Tennessee student David C. Kernell got control of the Yahoo Mail account of Sarah Palin during the 2008 presidential election by answering a single security question.

Kernell was later convicted on a federal felony charge and a federal misdemeanor charge.

Instead, Hotmail users can now tag multiple PCs - Lewis wasn't sure of how many, only that more than one was possible - as a proof. Users locked out of their account by a hijacker can regain control simply by logging in from one of the previously-set trusted machines.

To use a PC as proof, users must have installed Windows Live Essentials, a suite of for-free applications Microsoft offers for download.

Users can also enter a mobile number as another proof. That phone will then receive an unlocking code via a text message when the user asks for a password reset.

"People will always be able to get their account back," said Lewis. "Spammers are not going to be able to hack into their mobile phone or their trusted PC."

With those proofs in place, more users will be able to reset their passwords without help from Microsoft support. "Medium-term, people will have a better self-service recovery path," Lewis said.

To add additional proofs, such as a trusted PC or mobile phone, to a Hotmail account, users must click Options in the upper right of the Hotmail screen, select More options... from the drop-down menu, then click View and edit personal information under the subheading of Mange your account. The proofs can be added under Password reset information.

Microsoft isn't the only webmail provider beefing up security. Last week, Google announced two-factor authorisation that lets businesses protect Gmail log-ins by delivering a one-time code to a cell phone via text message.

Hotmail has had a similar feature, dubbed "single-use codes", for several months.

"We're making the proofs for users more secure so hackers can't lock them out," said Lewis.

See also: Hotmail back online after hours-long outage


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite