Adding security to Hotmail

With two new features, Hotmail users can access their accounts better in case they have been compromised by criminals. That is what the Windows Live team has announced in the Inside Windows Live blog.

Windows Live Account: Password reset information

Until now, attackers could lock account owners out of their accounts by gaining access to the password (for example by phishing, trojans or unencrypted wireless networks) and changing this password after sign-in. When the true owner did not have any alternate e-mail address on file and forgotten the security question, accessing the e-mail account was not possible anymore.

Now, Microsoft is adding sending of password reset codes via SMS to help users regain control over their accounts in case of emergency. To activate this feature, you have to tell Hotmail your mobile phone number before anything happens. The SMS contains a code that you can use to have your password reset on the recovery pages.

Furthermore, a new feature called “Trusted PC” is added. You can use it to link a specific computer with your Hotmail account and thus helps you to reset the password in case you need to. So, the features are useful for people who keep forgetting their passwords, too.

To protect the new features from being manipulated by intruding people, you cannot change one option without confirming your change by means of a different option. “For example, if your account was already set up with an alternate email proof and you wanted to add a cell phone number as well, you would need to use the alternate email address to do it,” explains John Scarrow, General Manager Safety Services. “This means that even if a hijacker steals your password, they can’t lock you out of your account or create backdoors for themselves. You will always be able to get your account back and kick the hijackers out.”

Finally, Microsoft announced that connections to Hotmail will be encryted with SSL completely, not only the sign-in procedure, like until now.