Microsoft Hotmail bans common passwords and introduces hacking alert system

Microsoft announced two new key Hotmail security features on Thursday. The software giant is introducing a “My friend’s been hacked!” feature alongside banning commonly used and weak passwords. The hacking alert system will allow users to simply report accounts that have been compromised. “When someone’s account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts,” explains Microsoft’s Dick Craddock. The Hotmail team has built a specific feature to combat this. The “mark as” menu in Hotmail now contains “My friend’s been hacked!”. Hotmail users can also report hacked accounts via the junk mail filing screen.

The feature will send an alert to Microsoft which is automatically parsed into the company’s detection system. “When you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked,” says Craddock. Microsoft will then make sure the account can no longer be used by spammers and activates an account recovery process to allow the owner to take back control of the account. Microsoft enabled the feature a few weeks ago. “We got thousands of reports of compromised accounts,” Craddock says. Microsoft’s system will also allow Yahoo! and Gmail accounts to receive compromise reports from Hotmail. “Those providers will now be able to use the reports in their own systems to recover hacked accounts,” revealed Craddock. “We’ve had this feature turned on for only a few weeks, and we’ve already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts.”

Microsoft will also roll out a feature to prevent users from choosing a common password. Common passwords include password, 123456, ilovecats and gogiants. “This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password,” says Craddock. Hotmail users who currently use a weak and common password may be prompted to change it in the future.