Microsoft touts Hotmail security adds; users complain of account hacks

Details plans to beef up e-mail service's security; users wish they were in place now

Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today.

Some Hotmail users whose accounts have been recently hacked say Microsoft's security improvements can't come too soon.

The updated Hotmail is slated to start rolling out June 15, and should reach all users within six weeks, said Walter Harp, Hotmail's director of product management.

Microsoft is adding what Harp dubbed "proofs" to Hotmail to secure accounts against hijacking, or let users more easily recover control if their account has been snatched by criminals. Among those proofs will be one that links a specific computer to a user's account.

"You'll be able to set your computer as a proof," said Harp, referring to the link between a PC and an account.

Other Web services, including Facebook and Google 's Gmail, already offer similar ties to stymie account hijacking. Facebook, for example, recently added a setting that lets users approve the devices they use to log in; if an account is accessed from an unapproved device, the user is notified.

Google tracks log-ins and warns Gmail users of suspicious patterns, such as an attempt to log-in from a foreign country, or multiple failed log-in attempts.

"We think we've done it a little better than Gmail," argued Harp. "My mom's not going to get it if Gmail told her she had tried to log in from a different IP address."

Although the PC-to-account link won't be offered as one of Hotmail's new identity proofs until later this year -- likely this fall, said Harp, when Microsoft again updates the service -- others will debut at the launch next month of what Microsoft has codenamed "Wave 4" of its Web e-mail service.

"Your mobile phone will be an additional proof," said Harp, explaining that if a user loses control of his or her account -- and thus has no way to reset the password to regain access -- Hotmail will notify the user by phone, then send a new password to that phone. "We'll do that if either a human or malware gets into your account," Harp said.

Phones play another role in Hotmail's enhanced security: Users can request that Microsoft send a one-time password to their phones via SMS. Harp envisioned this being used by people logging in at public places, such as Internet cafes, libraries or unprotected Wi-Fi hotspots. The feature came out of conversations with focus groups in less-developed countries, where more people connect to the Internet at cafes.

"The general idea is that you'd use this to be particularly cautious at a public computer, which for all you know may be infected with keylogging malware," said Harp.

Hotmail will also include a new feature tagged "Trusted Sender," which visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

When asked to compare the new Hotmail security features with rivals such as Gmail and Yahoo Mail, Harp declined to go toe-to-toe with the competition. "The race isn't so much with the other [Web e-mail] services, but with the miscreants," he said.

Matt Rosoff, an analyst with Directions on Microsoft, disputed Harp's claim that rivals weren't at the root of Hotmail's changes. "Without the competition from Google['s Gmail], Microsoft would have much less incentive to improve Hotmail," said Rosoff.

But Harp did tout the fact that Hotmail has all of Microsoft behind it, including the company's security team. "We bring all of Microsoft's know-how, not just the Hotmail's team, to the table," said Harp.

As an example, Microsoft will offer the Internet Explorer 8 (IE) "SmartScreen Filter" technology on its Windows Live properties. SmartScreen Filter is a combination anti-phishing and malware blocking tool in IE8 that warns users when they try to reach a potentially-dangerous URL.

Hotmail users running rival browsers, including Google's Chrome, Mozilla's Firefox, Apple's Safari and Opera Software's Opera, will receive that same protection later this year in a follow-on update to the June launch of Wave 4, said Harp. Other parts of Windows Live, including Messenger, Microsoft's instant messaging client, will have it immediately next month.

But some users wished Microsoft had stepped up its Hotmail security efforts earlier.

Although Microsoft today denied that there has been a recent uptick of Hotmail account hijackings, numerous users of the service have claimed that their inboxes have been hacked, and that their contacts have been purged .

Several users who used Twitter today to report that their Hotmail accounts had been hacked also wanted better security now .

"[Microsoft] to give Hotmail a make-over [is] too little too late if the number of times my account has been hacked is an indicator," tweeted James Milligan today, referring to a Wednesday story on The Daily Telegraph 's Web site about Hotmail improvements.

"Hotmail adding a bunch of new features ... how about focusing on security from hackers? And more help for hacked accts?" tweeted Bill Robb Tuesday.

Robert McMillan of the IDG News Service contributed to this report.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags hotmailMicrosoftsecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?