Microsoft touts Hotmail security adds; users complain of account hacks

Details plans to beef up e-mail service's security; users wish they were in place now

Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today.

Some Hotmail users whose accounts have been recently hacked say Microsoft's security improvements can't come too soon.

The updated Hotmail is slated to start rolling out June 15, and should reach all users within six weeks, said Walter Harp, Hotmail's director of product management.

Microsoft is adding what Harp dubbed "proofs" to Hotmail to secure accounts against hijacking, or let users more easily recover control if their account has been snatched by criminals. Among those proofs will be one that links a specific computer to a user's account.

"You'll be able to set your computer as a proof," said Harp, referring to the link between a PC and an account.

Other Web services, including Facebook and Google 's Gmail, already offer similar ties to stymie account hijacking. Facebook, for example, recently added a setting that lets users approve the devices they use to log in; if an account is accessed from an unapproved device, the user is notified.

Google tracks log-ins and warns Gmail users of suspicious patterns, such as an attempt to log-in from a foreign country, or multiple failed log-in attempts.

"We think we've done it a little better than Gmail," argued Harp. "My mom's not going to get it if Gmail told her she had tried to log in from a different IP address."

Although the PC-to-account link won't be offered as one of Hotmail's new identity proofs until later this year -- likely this fall, said Harp, when Microsoft again updates the service -- others will debut at the launch next month of what Microsoft has codenamed "Wave 4" of its Web e-mail service.

"Your mobile phone will be an additional proof," said Harp, explaining that if a user loses control of his or her account -- and thus has no way to reset the password to regain access -- Hotmail will notify the user by phone, then send a new password to that phone. "We'll do that if either a human or malware gets into your account," Harp said.

Phones play another role in Hotmail's enhanced security: Users can request that Microsoft send a one-time password to their phones via SMS. Harp envisioned this being used by people logging in at public places, such as Internet cafes, libraries or unprotected Wi-Fi hotspots. The feature came out of conversations with focus groups in less-developed countries, where more people connect to the Internet at cafes.

"The general idea is that you'd use this to be particularly cautious at a public computer, which for all you know may be infected with keylogging malware," said Harp.

Hotmail will also include a new feature tagged "Trusted Sender," which visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

When asked to compare the new Hotmail security features with rivals such as Gmail and Yahoo Mail, Harp declined to go toe-to-toe with the competition. "The race isn't so much with the other [Web e-mail] services, but with the miscreants," he said.

Matt Rosoff, an analyst with Directions on Microsoft, disputed Harp's claim that rivals weren't at the root of Hotmail's changes. "Without the competition from Google['s Gmail], Microsoft would have much less incentive to improve Hotmail," said Rosoff.

But Harp did tout the fact that Hotmail has all of Microsoft behind it, including the company's security team. "We bring all of Microsoft's know-how, not just the Hotmail's team, to the table," said Harp.

As an example, Microsoft will offer the Internet Explorer 8 (IE) "SmartScreen Filter" technology on its Windows Live properties. SmartScreen Filter is a combination anti-phishing and malware blocking tool in IE8 that warns users when they try to reach a potentially-dangerous URL.

Hotmail users running rival browsers, including Google's Chrome, Mozilla's Firefox, Apple's Safari and Opera Software's Opera, will receive that same protection later this year in a follow-on update to the June launch of Wave 4, said Harp. Other parts of Windows Live, including Messenger, Microsoft's instant messaging client, will have it immediately next month.

But some users wished Microsoft had stepped up its Hotmail security efforts earlier.

Although Microsoft today denied that there has been a recent uptick of Hotmail account hijackings, numerous users of the service have claimed that their inboxes have been hacked, and that their contacts have been purged .

Several users who used Twitter today to report that their Hotmail accounts had been hacked also wanted better security now .

"[Microsoft] to give Hotmail a make-over [is] too little too late if the number of times my account has been hacked is an indicator," tweeted James Milligan today, referring to a Wednesday story on The Daily Telegraph 's Web site about Hotmail improvements.

"Hotmail adding a bunch of new features ... how about focusing on security from hackers? And more help for hacked accts?" tweeted Bill Robb Tuesday.

Robert McMillan of the IDG News Service contributed to this report.

Tags hotmailsecurityMicrosoft

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?