Microsoft touts Hotmail security adds; users complain of account hacks
Details plans to beef up e-mail service's security; users wish they were in place now
Computerworld - Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today.
Some Hotmail users whose accounts have been recently hacked say Microsoft's security improvements can't come too soon.
The updated Hotmail is slated to start rolling out June 15, and should reach all users within six weeks, said Walter Harp, Hotmail's director of product management.
Microsoft is adding what Harp dubbed "proofs" to Hotmail to secure accounts against hijacking, or let users more easily recover control if their account has been snatched by criminals. Among those proofs will be one that links a specific computer to a user's account.
"You'll be able to set your computer as a proof," said Harp, referring to the link between a PC and an account.
Other Web services, including Facebook and Google's Gmail, already offer similar ties to stymie account hijacking. Facebook, for example, recently added a setting that lets users approve the devices they use to log in; if an account is accessed from an unapproved device, the user is notified.
Google tracks log-ins and warns Gmail users of suspicious patterns, such as an attempt to log-in from a foreign country, or multiple failed log-in attempts.
"We think we've done it a little better than Gmail," argued Harp. "My mom's not going to get it if Gmail told her she had tried to log in from a different IP address."
Although the PC-to-account link won't be offered as one of Hotmail's new identity proofs until later this year -- likely this fall, said Harp, when Microsoft again updates the service -- others will debut at the launch next month of what Microsoft has codenamed "Wave 4" of its Web e-mail service.
"Your mobile phone will be an additional proof," said Harp, explaining that if a user loses control of his or her account -- and thus has no way to reset the password to regain access -- Hotmail will notify the user by phone, then send a new password to that phone. "We'll do that if either a human or malware gets into your account," Harp said.
Phones play another role in Hotmail's enhanced security: Users can request that Microsoft send a one-time password to their phones via SMS. Harp envisioned this being used by people logging in at public places, such as Internet cafes, libraries or unprotected Wi-Fi hotspots. The feature came out of conversations with focus groups in less-developed countries, where more people connect to the Internet at cafes.
"The general idea is that you'd use this to be particularly cautious at a public computer, which for all you know may be infected with keylogging malware," said Harp.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts