Microsoft touts Hotmail security adds; users complain of account hacks

Details plans to beef up e-mail service's security; users wish they were in place now

Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today.

Some Hotmail users whose accounts have been recently hacked say Microsoft's security improvements can't come too soon.

The updated Hotmail is slated to start rolling out June 15, and should reach all users within six weeks, said Walter Harp, Hotmail's director of product management.

Microsoft is adding what Harp dubbed "proofs" to Hotmail to secure accounts against hijacking, or let users more easily recover control if their account has been snatched by criminals. Among those proofs will be one that links a specific computer to a user's account.

"You'll be able to set your computer as a proof," said Harp, referring to the link between a PC and an account.

Other Web services, including Facebook and Google 's Gmail, already offer similar ties to stymie account hijacking. Facebook, for example, recently added a setting that lets users approve the devices they use to log in; if an account is accessed from an unapproved device, the user is notified.

Google tracks log-ins and warns Gmail users of suspicious patterns, such as an attempt to log-in from a foreign country, or multiple failed log-in attempts.

"We think we've done it a little better than Gmail," argued Harp. "My mom's not going to get it if Gmail told her she had tried to log in from a different IP address."

Although the PC-to-account link won't be offered as one of Hotmail's new identity proofs until later this year -- likely this fall, said Harp, when Microsoft again updates the service -- others will debut at the launch next month of what Microsoft has codenamed "Wave 4" of its Web e-mail service.

"Your mobile phone will be an additional proof," said Harp, explaining that if a user loses control of his or her account -- and thus has no way to reset the password to regain access -- Hotmail will notify the user by phone, then send a new password to that phone. "We'll do that if either a human or malware gets into your account," Harp said.

Phones play another role in Hotmail's enhanced security: Users can request that Microsoft send a one-time password to their phones via SMS. Harp envisioned this being used by people logging in at public places, such as Internet cafes, libraries or unprotected Wi-Fi hotspots. The feature came out of conversations with focus groups in less-developed countries, where more people connect to the Internet at cafes.

"The general idea is that you'd use this to be particularly cautious at a public computer, which for all you know may be infected with keylogging malware," said Harp.

Hotmail will also include a new feature tagged "Trusted Sender," which visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

When asked to compare the new Hotmail security features with rivals such as Gmail and Yahoo Mail, Harp declined to go toe-to-toe with the competition. "The race isn't so much with the other [Web e-mail] services, but with the miscreants," he said.

Matt Rosoff, an analyst with Directions on Microsoft, disputed Harp's claim that rivals weren't at the root of Hotmail's changes. "Without the competition from Google['s Gmail], Microsoft would have much less incentive to improve Hotmail," said Rosoff.

But Harp did tout the fact that Hotmail has all of Microsoft behind it, including the company's security team. "We bring all of Microsoft's know-how, not just the Hotmail's team, to the table," said Harp.

As an example, Microsoft will offer the Internet Explorer 8 (IE) "SmartScreen Filter" technology on its Windows Live properties. SmartScreen Filter is a combination anti-phishing and malware blocking tool in IE8 that warns users when they try to reach a potentially-dangerous URL.

Hotmail users running rival browsers, including Google's Chrome, Mozilla's Firefox, Apple's Safari and Opera Software's Opera, will receive that same protection later this year in a follow-on update to the June launch of Wave 4, said Harp. Other parts of Windows Live, including Messenger, Microsoft's instant messaging client, will have it immediately next month.

But some users wished Microsoft had stepped up its Hotmail security efforts earlier.

Although Microsoft today denied that there has been a recent uptick of Hotmail account hijackings, numerous users of the service have claimed that their inboxes have been hacked, and that their contacts have been purged .

Several users who used Twitter today to report that their Hotmail accounts had been hacked also wanted better security now .

"[Microsoft] to give Hotmail a make-over [is] too little too late if the number of times my account has been hacked is an indicator," tweeted James Milligan today, referring to a Wednesday story on The Daily Telegraph 's Web site about Hotmail improvements.

"Hotmail adding a bunch of new features ... how about focusing on security from hackers? And more help for hacked accts?" tweeted Bill Robb Tuesday.

Robert McMillan of the IDG News Service contributed to this report.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags hotmailMicrosoftsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?