Hotmail Bans Easy-to-Guess Passwords
Lazy, easy-to-crack passwords such as "11111" or the ever-popular "password" will soon be a thing of the past for Hotmail users.
Microsoft introduced a new security feature that prevents Hotmail account holders from using common passwords such as "123456" and "111111." The new preventative measure will be rolled out soon, and, beyond blocking what it called "frighteningly common" passwords, it will also prevent new Hotmail users from choosing less predictable ones such as "ilovecats" or "gogiants," which Microsoft, in a blog posting announcing the new feature, said are shared by millions of people.
"Having a common password makes your account vulnerable to brute force 'dictionary' attacks, in which a malicious person tries to hijack your account just by guessing passwords (using a short list of very common passwords)," Hotmail's group program manager Dick Craddock wrote.
Forcing Hotmail users to beef up their passwords is the first line of defense against account hijacking. In recent months, weak passwords have been at the root of several high-profile hacks, including an attack on Fox News Politics' Twitter feed that reported that President Barack Obama was dead.
But eliminating simple passwords is only one part of Microsoft's plan to make Hotmail a safer place to email friends and family. In fact, friends and family are a crucial part of this second feature.
Hotmail users can now report directly to Hotmail when they receive a message they believe to be from a hacked account.
For instance, if you receive a message from a family member saying he or she is stuck in a foreign country and needs you to send money immediately, and you know it's a scam, you can now select a tab that says, "My friend's been hacked!"
Once Hotmail receives your warning, it combines it with information from a "compromise detection engine," and if it determines that the account has been hijacked, it stops the user from accessing it, similar to a bank putting a hold on a stolen credit card.
When the victim tries to log back in, Hotmail puts them through a password verification process to ensure they are the legitimate account holder.