Microsoft is implementing two new security features to keep Hotmail accounts safe. One bans commonly used passwords; the other, called “Hey! My friend’s account was hacked!”, lets you report compromised email accounts.
Spam is annoying, but worse is getting spam email masquerading under a trusted friend’s address. Now, when you log in to a Hotmail account and notice that Aunt Phyllis has sent you a message about a Viagra deal (or whatever generic ad the spammer is touting), you can easily report that account as being compromised. By alerting the Hotmail team, you can ensure that no more of Aunt Phyllis’ contacts are taken in by the scambag.
The Windows Team Blog goes into depth about the new security measure, but basically the “My friend’s been hacked!” feature can be used in two ways. One way, which users have probably already seen, is selecting the feature in the “Mark as” dropdown. There is also an option to report the hacked account when you move the message to the junk folder.
If you’re wondering whether abusing this feature will be as easy as it was with those fake Facebook DMCA takedown notices a while back, the Hotmail team says they put a little more thought into the process. The hijack report is the most important signal to the detection engine; however, other information is used and combined with it to determine whether an account has been compromised.
Once the account is marked bad, it can’t be used by the spammer anymore. As far as recovery goes, there is a recovery flow for Aunt Phyllis to take back control of the account. Though the feature has been running for a few weeks now, a new addition is that Hotmail users can now report non-Hotmail accounts. Any email account can be reported, giving Yahoo! and Gmail access to better information about compromised accounts.
Along with this new alert feature, Microsoft is banning certain passwords, the cracking of which “hardly constitutes ‘brute force’!” Of course, “123456” and “Password” will be banned, but so will other common phrases such as “ilovecats” or “gogiants”. If you’re already using one of those common options, you may be prompted to upgrade to a stronger password in the near future.