err0r Posted July 18, 2011 Report Share Posted July 18, 2011 Attention Hotmail users: if your Hotmail password is "123456," it won't be for much longer. Microsoft said Thursday that the company has added a pair of security features designed to cut down on the number of people whose accounts have been hacked, or who could be compromised in the future. The first, known as "My friend has been hacked!", has already rolled out; the second, a feature to ban common passwords, will arrive soon. Recognizing that a friend was hacked is something that users can somewhat easily do, but machines may have a more difficult time. Generally, when an account is hijacked, it is either used for spam or to solicit money through a social engineering scheme. A suspicious user may call the friend to double-check. If a hack is discovered, the frind must then begin a process to take back his or her account. The new program helps prevent that malicious account from poisoning others, and can also help facilitate the takeback process. "When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked," flower Craddock, the group program manager for Hotmail, wrote in a blog post. "It turns out that the report that comes from you can be one of the strongest 'signals' to the detection engine, since you may be the first to notice the compromise. So, when you help out this way, it makes a big difference!" If the account is marked as compromised, it is turned off and then must be re-enabled through a complex process. Microsoft also sends notices to other email providers, such as Gmail, to notify them as well. "We've had this feature turned on for only a few weeks, and we've already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts," Craddock wrote. A simpler but equally effective method to prevent email account hacking is simply to force users to adopt complex passwords, the most common piece of advice for email account security. A complex password can use non-dictionary words, upper- and lower-case, and non-alphanumberic characters: "%Bo11aHo11a%," for example, versus "123pass". But Hotmail also considers weak passwords to include common phrases, like "gogiants". Ironically, a Microsoft researcher in 2010 made the case that enabling strong passwords wasn't worth the effort. However, Microsoft has taken a harder-edged approach. "This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password," Craddock wrote. "If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password." Hotmail recently celebrated its 15th birthday. Source: Mark Hachman Link to comment Share on other sites More sharing options...
Fanfare Posted July 19, 2011 Report Share Posted July 19, 2011 Making a password as easy as 123456 is a surest way to get hacked. I'm sure this is a common sense everybody should know already. Link to comment Share on other sites More sharing options...
Warrior124 Posted July 19, 2011 Report Share Posted July 19, 2011 Making a password as easy as 123456 is a surest way to get hacked. I'm sure this is a common sense everybody should know already. I guess I should change mine? Link to comment Share on other sites More sharing options...
takaharu_ Posted July 20, 2011 Report Share Posted July 20, 2011 They'll probably need to come up with another password reset system too. It never ceases to amaze me how many newbies we get in my workplace that can't enter Password1 within the limit of five attempts. Link to comment Share on other sites More sharing options...
Recommended Posts