Microsoft touts Hotmail security adds; users complain of account hacks

Details plans to beef up e-mail service's security; users wish they were in place now

Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today.

Some Hotmail users whose accounts have been recently hacked say Microsoft's security improvements can't come too soon.

The updated Hotmail is slated to start rolling out June 15, and should reach all users within six weeks, said Walter Harp, Hotmail's director of product management.

Microsoft is adding what Harp dubbed "proofs" to Hotmail to secure accounts against hijacking, or let users more easily recover control if their account has been snatched by criminals. Among those proofs will be one that links a specific computer to a user's account.

"You'll be able to set your computer as a proof," said Harp, referring to the link between a PC and an account.

Other Web services, including Facebook and Google 's Gmail, already offer similar ties to stymie account hijacking. Facebook, for example, recently added a setting that lets users approve the devices they use to log in; if an account is accessed from an unapproved device, the user is notified.

Google tracks log-ins and warns Gmail users of suspicious patterns, such as an attempt to log-in from a foreign country, or multiple failed log-in attempts.

"We think we've done it a little better than Gmail," argued Harp. "My mom's not going to get it if Gmail told her she had tried to log in from a different IP address."

Although the PC-to-account link won't be offered as one of Hotmail's new identity proofs until later this year -- likely this fall, said Harp, when Microsoft again updates the service -- others will debut at the launch next month of what Microsoft has codenamed "Wave 4" of its Web e-mail service.

"Your mobile phone will be an additional proof," said Harp, explaining that if a user loses control of his or her account -- and thus has no way to reset the password to regain access -- Hotmail will notify the user by phone, then send a new password to that phone. "We'll do that if either a human or malware gets into your account," Harp said.

Phones play another role in Hotmail's enhanced security: Users can request that Microsoft send a one-time password to their phones via SMS. Harp envisioned this being used by people logging in at public places, such as Internet cafes, libraries or unprotected Wi-Fi hotspots. The feature came out of conversations with focus groups in less-developed countries, where more people connect to the Internet at cafes.

"The general idea is that you'd use this to be particularly cautious at a public computer, which for all you know may be infected with keylogging malware," said Harp.

Hotmail will also include a new feature tagged "Trusted Sender," which visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

When asked to compare the new Hotmail security features with rivals such as Gmail and Yahoo Mail, Harp declined to go toe-to-toe with the competition. "The race isn't so much with the other [Web e-mail] services, but with the miscreants," he said.

Matt Rosoff, an analyst with Directions on Microsoft, disputed Harp's claim that rivals weren't at the root of Hotmail's changes. "Without the competition from Google['s Gmail], Microsoft would have much less incentive to improve Hotmail," said Rosoff.

But Harp did tout the fact that Hotmail has all of Microsoft behind it, including the company's security team. "We bring all of Microsoft's know-how, not just the Hotmail's team, to the table," said Harp.

As an example, Microsoft will offer the Internet Explorer 8 (IE) "SmartScreen Filter" technology on its Windows Live properties. SmartScreen Filter is a combination anti-phishing and malware blocking tool in IE8 that warns users when they try to reach a potentially-dangerous URL.

Hotmail users running rival browsers, including Google's Chrome, Mozilla's Firefox, Apple's Safari and Opera Software's Opera, will receive that same protection later this year in a follow-on update to the June launch of Wave 4, said Harp. Other parts of Windows Live, including Messenger, Microsoft's instant messaging client, will have it immediately next month.

But some users wished Microsoft had stepped up its Hotmail security efforts earlier.

Although Microsoft today denied that there has been a recent uptick of Hotmail account hijackings, numerous users of the service have claimed that their inboxes have been hacked, and that their contacts have been purged .

Several users who used Twitter today to report that their Hotmail accounts had been hacked also wanted better security now .

"[Microsoft] to give Hotmail a make-over [is] too little too late if the number of times my account has been hacked is an indicator," tweeted James Milligan today, referring to a Wednesday story on The Daily Telegraph 's Web site about Hotmail improvements.

"Hotmail adding a bunch of new features ... how about focusing on security from hackers? And more help for hacked accts?" tweeted Bill Robb Tuesday.

Robert McMillan of the IDG News Service contributed to this report.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityMicrosofthotmail

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >




Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?