Microsoft beefs up Hotmail password security

Hotmail users can now register mobile phone numbers and trusted computers to be used as proof of rightful account ownership when accounts are hijacked.

In addition to providing a security question and alternate e-mail address, Hotmail users can now register a trusted computer and a mobile phone number to use when they have been locked out of their accounts.
In addition to providing a security question and alternate e-mail address, Hotmail users can now register a trusted computer and a mobile phone number to use when they have been locked out of their accounts. Microsoft

Microsoft added new security features to Hotmail today that are designed to make it harder for accounts to get hijacked and easier for victims to recover them if so.

Hotmail users have been able to answer a security question or have an e-mail sent to an alternate e-mail address when they need to get into their locked account, either because it was hijacked or because they forgot the password. Those systems can be problematic as many people forget the security questions or they can be easily figured out by strangers with enough Web research.

Now, they can register a mobile phone number that a secret code can be sent to via SMS so they can reset the password. And they can also use a trusted computer that they have registered with Hotmail in advance so that if that computer is used, Hotmail will automatically trust the communication and allow the user to reset the password.

In addition, before adding a new proof method or changing an existing one, Hotmail users will have to have access to at least one existing ownership verification method, Microsoft announced at the TechCrunch conference and on the Inside Windows Live blog. This means that hijackers who steal passwords can't lock the rightful Hotmail users out of their accounts by changing that information.

If accounts have no proofs set up and customers lose access they can work with Microsoft support representatives directly at www.windowslivehelp.com/accountrecovery.

Microsoft also shows a "trusted sender" shield icon on e-mail that has been verified as legitimate and sends a one-time password to mobile phones for Hotmail users who don't want to type in their real password on a public computer.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments