Hotmail Strives to Eliminate 'Password' Passwords

Saturday, July 16, 2011 - by Michael Santo

By any measure, end users are still using passwords that are far too simple. The Gawker Media hack from 2010, in fact, showed "123456" was the most common password in Gawker's database. Well, Microsoft's decided that if folks aren't going to pick strong passwords, at the very least Microsoft can keep them from picking the most egregious, easy passwords to hack.

Microsoft's Hotmail service will now prevent new customers from selecting passwords that are too easy to guess, such as "password" or the aforementioned "123456." Those sorts of passwords, besides being easy to guess, are particularly vulnerable to brute force or “dictionary” attacks.

In addition to preventing users from choosing a weak password when signing up for a new account, the changes will also prevent already existing users from doing the same when changing their passwords. Sometime in the future, the system may proactively force users to change their passwords, as well. The changes will be rolling out "soon."

Microsoft has, for a long time, had a password checker. Users can enter their password into it and the system will judge if it is strong enough.

What is interesting is that as hackers have become more sophisticated, what used to be a strong password is no longer so. Microsoft says a strong password should contain at least 14 characters, for one, which isn't exactly easy to remember without a program such as LastPass or Roboform.

Hotmail is adding another feature, as well. How often have you seen what appears to be a spam or phishing email come from one of your contacts? That usually means that your friend has had a virus infect their system, or else their account has been hacked because of a (ahem) too easy password. And naturally, it's that person's friends that usually spot the problem first, when they get such compromised email.

The new Hotmail feature allows users to report such an email directly to Hotmail. Microsoft is adding a "My friend's been hacked" option on the Hotmail drop-down "Mark As" menu. Once you report the email, "Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked."

In addition, Microsoft will share any such data with Yahoo or Google, so even if the email came from Gmail or Yahoo! mail, you'll still be helping out your friend.

These are nice features, but they are still not going to get us to move from Gmail. Gmail has the best spam detection we've ever seen, and there's that Google+ service you might have heard of.

Via: Microsoft | News Archive | Tags: security, hotmail, Password

View forum thread

Comments

By Manduh on Jul 16, 2011

Regarding the passwords.. Finally! Some sites already have a strength system and force you to choose something from moderate to strong. Hotmail should have implemented this years ago.

The "My friend's Been hacked" is another great feature, however, I haven't used hotmail in a very long time and, you're right, this won't bring me back.

By RTietjens on Jul 16, 2011

Is this a typo, or does it simply negate the headline?

"Microsoft's Hotmail service will not prevent new customers from selecting passwords that are too easy to guess,..."

By OptimusPrimeTime on Jul 16, 2011

"Yeah its a Typo, he meant "Wiil Now". Anyhow, its a great measure along with "My friend's Been hacked" .@ ManDuh, I still have an active Live account for Live Messenger even though the new interface sucks but I have lots of active contacts there.'

-Optimus

By Manduh on Jul 16, 2011

I still have an active acct for Windows Live as well but I think I only sign in on average once or twice a month lol. I have 130 contacts or so and only see about 3 at the most online at a time. I think with all the acct hijacking people are straying away from them.

By OptimusPrimeTime on Jul 16, 2011

Manduh:
. I think with all the acct hijacking people are straying away from them.

"Totally true, I cant believe people fell for that "See Who Erased You' scheme . oh well, at least I can report a "My friend's Been hacked" and have those accounts stop spamming me. Oh, and I happen to have almost 600 contacts, but about 80 or so are still active. Funny thing is that I have 3850 unread messages . I dont like Hotmail's inteface and it too slow, so I just stick with Gmail."

-Optimus

By Manduh on Jul 16, 2011

Wowsers that's crazy haha.

By realneil on Jul 16, 2011

Manduh:
Wowsers that's crazy haha.

Hotmail is crazy. I dumped them many years ago because it was like being slowly pecked to death by Chickens.

By Dave_HH on Jul 17, 2011

Ughh, corrected :)

By omegadraco on Jul 16, 2011

A step in the right direction for Microsoft. I would assume they will be implementing this on the rest of their sites as well. Love the "my freinds been hacked" feature and find it interesting that they will be communicating with Yahoo and Gmail. Do you think that Yahoo and Gmail will be implementing a similar feature in the near future.

	Replies
Apple Breaks New Ground Again with PCI...	20
Microsoft Fakes It At E3: Shows Xbox One...	17
Orders Speak Volumes: Amazon Launch...	10
HP Exec Claims Windows XP Extinction...	9
Xbox One Games Pricing Confirmed at...	7
Samsung Begins Mass Production of PCIe...	6
Did Microsoft Lie About NSA Skype...	6

Subscribe to HH News Alerts!	Preview