Microsoft's Hotmail team announced a couple of new features that help protect your accounts. "The first lets you report a friend's account as compromised - a feature unique to Hotmail - and the second prevents you from using common passwords that make your account easy to hack," blogged Dick Craddock on the Inside Windows Live blog.
Craddock explains that "When you sign in to Hotmail, and you see you've got new mail from one of your friends and discover that it's spam! Whatever the case, one thing is for sure: this email isn't really from your friend at all. Instead, it's from a spammer who has hijacked your friend's account." Well, no need to fret!
Now, Hotmail lets you report your friend's account as compromised. It's easy: When you get that spam message supposedly from your friend, you just click "My friend's been hacked!" on the "Mark as" menu.
You can also report an account as compromised when you mark a message as junk or otherwise move a message to the Junk folder.
The best thing is that you can also report any email account, such as Yahoo! Mail or Gmail, as compromised, and Hotmail will provide the compromise information to both Yahoo! and Gmail. "We did the work to enable other email providers like Yahoo! and Gmail to receive these compromise reports from Hotmail including those submitted by you, and those providers will now be able to use the reports in their own systems to recover hacked accounts," informed Craddock.
In addition to this, Hotmail will now prevent customers from using one of several common passwords, revealed Craddock. A common password makes your account vulnerable to brute-force "dictionary" attacks. Hotmail has built-in defenses against standard dictionary attacks, of course, but when someone can guess your password in just a few tries, it hardly constitutes "brute force"!
"This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password. If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password," noted Craddock.
"Our compromise detection system is always working in the background to detect unusual behavior. When we detect bad behavior from an account (like an account that suddenly starts sending spam), we mark that account as compromised.
When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest "signals" to the detection engine, since you may be the first to notice the compromise. So, when you help out this way, it makes a big difference!
Once we mark the account as compromised, two things happen:
- First and foremost, the account can no longer be used by the spammer.
- When your friend attempts to access their account, they're put through an account recovery flow that helps them take back control of the account," explained Craddock.
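
The common-password rule described earlier (a very common password is refused at sign-up or password change, and users who already have one may later be asked to change it) could be enforced as in the following added example, which is not Hotmail's code. The word list, `AccountStore` and its method names are hypothetical, and checking existing accounts at sign-in is an assumption of this sketch.

```python
import hashlib
import hmac
import os

# Constructed sample list; a real service would load a far larger one.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}


def is_common(password: str) -> bool:
    """Case-insensitive match against the list of common passwords."""
    return password.casefold() in COMMON_PASSWORDS


class AccountStore:
    """Hypothetical account store holding only salted password hashes."""

    def __init__(self):
        self._accounts = {}

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _store(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[name] = {"salt": salt, "digest": self._digest(password, salt), "must_change": False}

    def set_password(self, name: str, password: str) -> None:
        """Sign-up and password change: a common password is refused."""
        if is_common(password):
            raise ValueError("password is too common")
        self._store(name, password)

    def import_legacy(self, name: str, password: str) -> None:
        """Account created before the rule existed (no check applied)."""
        self._store(name, password)

    def sign_in(self, name: str, password: str) -> tuple[bool, bool]:
        """Return (authenticated, must_change_password)."""
        acct = self._accounts.get(name)
        if acct is None:
            return False, False
        ok = hmac.compare_digest(acct["digest"], self._digest(password, acct["salt"]))
        # Only the hash is stored, so the plaintext can be checked against
        # the list only at sign-in (an assumption of this sketch).
        if ok and is_common(password):
            acct["must_change"] = True
        return ok, ok and acct["must_change"]
```
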
[Source: Inside Windows Live]