Redmond, Washington — Security is something that is necessarily essential for internet companies that provide email and social networking services. Taking this in to account, software monopolist Microsoft earlier this week has released raft of new Hotmail security features aimed at blocking email hijackers and helping users reclaim compromised accounts. It is also adding closer integration to Facebook and LinkedIn for Windows Live.
Spam is the greatest plague of the web. Not just because it clutters mailboxes, but also because, to engage in their activities of fraudsters spoof e-mail accounts of users lambdas, without their always aware. To fight against this abuse, Microsoft has strengthened the security of its Hotmail accounts.
Hotmail earlier this year has undergone through a wide scale upgrade and the latest security features are set to give the modified version of the site an extra level of robustness in the face of increased criminal activity related to the service. The security crackdown combined a clearout of suspected bogus accounts and improvements to make it easier to recover an account in future. It is based on creating trusted PC and sending code via SMS.
According to John Scarrow, Microsoft’s general manager of safety services, “not too long ago, account hijacking was a topic limited mostly to financial service websites.” But of Lately, however, such assaults have become liable for “disrupting millions of accounts every year,” he said, not to mention anyone in the hijacked account owner’s address book. “This type of identity theft costs users and services billions of dollars every year.”
The attacks are deceptively simple: an attacker gains access to an account — perhaps one that has not been used in months or years — then emails a request for money to everyone in the account’s address book. One such message, for example by the type of criminal who then e-mails everyone on a contact list with a fake sob story asking for money.
Henceforth, Hotmail security will no longer be based on a secret question and an alternate address provided by users in order to reset passwords. Users will now be able to set trusted devices like a PC or mobile phone as a way of proving that they are the bona fide holder of the account.
To help dissuade such attacks, Microsoft said it has taken multiple steps, including actively purging attackers from compromised accounts, taking legal action against domains used by scammers, and now, improving Hotmail security. To begin with, when using a public machine, a Hotmail user can have a one-time password sent to their cell phone. That way, even if a keylogger or malware is installed on the PC, once the user logs out, no one can use the password to again log in.
The company is also restricting the number of unsuccessful password attempts allowed before an account is locked, a move intended to reduce the chances of a dictionary-based/brute force attack succeeding. Also, to protect against man-in-the-middle attacks, Microsoft said it now uses SSL to encrypt the start of every session, and later this year will offer SSL for the full Hotmail session.
A mobile number to send a PIN — And this is where the second security component that is recently developed by Microsoft. The editor has examined the identification system intended to prove that an application for change of password is the fact of its owner and not a bad person. In addition two new security elements. First, Microsoft provides the attachment of the account to one or more donated computers, called “Trusted PC“, an operation that occurs after you install the machine after free Windows Live Essentials.
Additionally, few other modifications released this week include new limits on attaching photographs to e-mails (now 25MB per picture and 10GB total per message), and an automated link to shipping company websites when an appropriate tracking number appears in an e-mail.