'My friend's been hacked!' – Microsoft beefs up Hotmail security to stop account hijacking

Microsoft is to beef up security around its Hotmail service by introducing two features aimed at tackling account hijacking.

One helps prevent hijacking in the first place by improving the strength of Hotmail users' passwords. The second security measure enables Hotmail users to report when a contact's account has been compromised.

When Hotmail users receive spam from a contact's account, it is a clear indication the account has been compromised, says Microsoft.

The reporting feature enables users to report that the account is compromised by clicking the "My friend's been hacked!" option on the "Mark as" menu. The feature is also available when users mark a message as junk or move messages to the junk folder.

When a Hotmail account is reported as having been hijacked in this way, Microsoft will check its own detection systems and, if a compromise is confirmed, the spammer will be locked out of the account.

When the owner of the compromised Hotmail account attempts to access it, they will be directed to instructions on how to take back control of the account.

Microsoft has been working with other e-mail providers, such as Yahoo and Gmail, so that they can receive compromise reports from Microsoft and Hotmail users.

"So now, in Hotmail, you can report any email account as compromised, and Hotmail will provide the compromise information to both Yahoo! and Gmail," said Dick Craddock, group program manager of Hotmail, in a blog post.

To make it more difficult to hijack Hotmail accounts in the first place, Microsoft will now prevent users from choosing common passwords that make accounts vulnerable to attack.

Common passwords are easy for attackers to guess because they are words or phrases, like "ilovecats", that are shared by millions of people.

Once introduced, the feature will prevent users from choosing a very common password when they sign up for an account or change their password.

"If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password," said Dick Craddock.
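As an added illustration (not Microsoft's code and not from the original article), this Python example shows one way a service could enforce such a rule: reject denylisted passwords at sign-up or change, and flag existing accounts at sign-in so the user can be asked to change later. The denylist contents, function names and the `must_change_password` field are assumptions made for the example.

```python
import unicodedata
from typing import Tuple

# Constructed sample denylist (assumption); a real deployment would load a
# much larger list of the most frequently chosen passwords.
COMMON_PASSWORDS = {"ilovecats", "password", "123456", "qwerty", "letmein"}


def normalize(password: str) -> str:
    """Fold Unicode compatibility forms, case and outer whitespace so that
    trivial variants ("ILoveCats", full-width letters) match the list.
    Used only for the comparison; the password itself is not altered."""
    return unicodedata.normalize("NFKC", password).casefold().strip()


def is_common(password: str, denylist=COMMON_PASSWORDS) -> bool:
    return normalize(password) in denylist


def validate_new_password(password: str) -> Tuple[bool, str]:
    """Run at sign-up and at password change: refuse denylisted choices."""
    if is_common(password):
        return False, "This password is too common. Choose a different one."
    return True, "ok"


def on_successful_sign_in(account: dict, submitted_password: str) -> dict:
    """Run only after the submitted credential has been verified.

    Stored passwords are normally hashed, so sign-in is the moment the
    plaintext is available to compare against the list. The account is
    flagged rather than locked, so the user can be prompted to change later.
    """
    if is_common(submitted_password):
        account["must_change_password"] = True  # hypothetical field name
    return account
```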

But having a strong password is just one step to protecting an e-mail account, Craddock said. Users should also provide proofs such as an alternate e-mail address, a question and secret answer and even a mobile number where Hotmail can reach the user by text.
