Microsoft today released new features to safeguard everyone?s account from hijackers. The company also is partnering with WordPress.com and offers upgrades for Windows Live Spaces users.
Account hijacking has grown to threaten web services like email, disrupting millions of accounts every year. When an email account is compromised by hijackers, it violates the privacy of the account owner, can harm those in their address book, and adds additional costs to the services fighting the abuse. Microsoft is addressing the problem on multiple fronts. Last week the company purged hijackers from legitimate Hotmail accounts that had been identified as compromised, and earlier this month Microsoft used legal action to take down a range of domains used by hijackers known as the Waledac botnet. Today, the company is releasing new features to safeguard everyone?s account from hijackers. These updates help users protect their password and, in the unlikely event that a hijacker gains access to their account, provide a more secure recovery path.
Hotmail is currently features the Microsoft SmartScreen technology, which filters spam emails and warns of suspicious emails and websites. These help users protect themselves from
phishing schemes like fake "official" emails or websites that ask users to provide their password. Hotmail also helps users know an email is safe by adding a shield icon next to "trusted senders".
Hotmail has also introduced the "single use code" a one-time password sent to users' cell phone so that they don?t have to reveal their true password on public machines, risking its theft.
Microsfot also uses SSL encryption to secure all connections at login. Later this fall, the company will also provide the option to use SSL for the entire Hotmail session.
Hotmail also protects users' account by blocking login after multiple unsuccessful attempts.
Despite these precautions, account compromise can still happen. So today Microsoft is rolling out new features to detect the hijacker.
Spammers traditionally created their own accounts, but as we?ve cracked down on this practice, they?ve resorted to hijacking and exploiting the accounts of legitimate users to send spam. With today?s release, Micrrosoft is taking a step forward by detecting compromised email accounts, those co-owned by the legitimate user and the hijacker. Micrrosoft detects them with high confidence using heuristics based on login and account activity, and stop the abuse by locking the hijacker out and closing back doors they may have set up, like using vacation auto reply messages to send spam. At the same time, Micrrosoft begins working with the rightful owner to reclaim the account, recognizing the urgency of the issue.
The fastest way for users to get their account back, whether it was locked or they simply forgot your password, is to reset the password using account proofs. Proofs are like spare keys. If users set them up in advance, theyr can later use them to prove theyr are the legitimate account owner. Up until now, Microsoft has offered two proofs, an alternate email address and a personal question paired with a secret answer. However, there were limitations to these. For example, only 25% of people with a secret question actually remembered their answer when needed.
Today, Microsoft is introducing two new kinds of proofs for account recovery.
- "Trusted PC" is a unique new proof that lets users link their Hotmail account with one or more of their personal computers. Then, if they ever need to regain control of their account by resetting their password, they simply need to be using their computer and we will know they are the legitimate owner.
- The second new proof option is users' cell phone number, where Hotmail will send a secret code via SMS that can be used to reset their password and reclaim their account.
Additionally, today?s release is making account recovery more secure in Hotmail. Before users can add a new proof or change any existing ones, they will need to be able to access at least one existing proof. For example, if your account was already set up with an alternate email proof and you wanted to add a cell phone number as well, you would need to use the alternate email address to do it. This means that even if a hijacker steals a password, they can?t lock a users out of his/her account or create backdoors for themselves.
If an account has no proofs set up and users lose access, then to get it back they will need to work with Microsoft's support team at www.windowslivehelp.com/accountrecovery.
Partnership with Wordpress.com
Microsoft also today announced on stage at TechCrunch Disrupt, a partnership with Wordpress.com.
WordPress.com offers a host of impressive capabilities ? from a scalable platform and spam protection, to great personalization and customization. WordPress powers over 8.5% of the web, is used on over 26 million sites, and WordPress.com is seen by over 250 million people every month. So rather than having Windows Live invest in a competing blogging service, Microsoft decided to give users a greater blogging solution through WordPress.com.
There are 30 million people who are actively using Windows Live Spaces and have been eagerly awaiting the next set of new blogging features. For these customers, Windows Live and WordPress.com have worked together to build a simple way to move their blog posts, comments, and integrated photos right over to WordPress.com and start taking advantage of all their new features. Microsoft will also redirect all the old Spaces URLs to users' new blog. There?s more information posted online here
With Messenger Connect, any website can easily give their customers the ability to share updates with their Messenger friends, and WordPress.com has done exactly this.
When users connect their Messenger account to Wordpress.com, they can have new posts on their WordPress.com blog automatically send a notification for each new blog post to their Messenger friends? feeds.
Starting today, when new Windows Live customers go to create a new blog on the web, Microsoft will help them create that new blog on WordPress.com. And when Windows Live Essentials 2011 releases later this fall, Windows Live Writer will also use WordPress.com as its default blogging solution.