Microsoft has announced it is banning Hotmail users from using common passwords, such as “password” or “123456”, that are very easy for hackers to guess.
“Having a common password makes your account vulnerable to brute force ‘dictionary’ attacks, in which a malicious person tries to hijack your account just by guessing passwords,” wrote Hotmail program manager Dick Craddock in a blog post. “Of course, Hotmail has built-in defenses against standard dictionary attacks, but when someone can guess your password in just a few tries, it hardly constitutes ‘brute force!’”
Hotmail users who are already using common passwords may, at some point in the future, be asked to change them to make them stronger, added Craddock.
The change is part of a raft of new security features designed to improve account protection for webmail users. These include a new option for Hotmail account holders to flag up when their friends’ accounts have been compromised by spammers. The “Mark as” drop-down menu now includes the option: “My friend’s been hacked!”
The news follows several high-profile hacks, in which email addresses and passwords have been compromised. Analysis of the passwords compromised in the Gawker Media hack late last year found the most common to be “123456” and “password”. Other common terms included “monkey”, “qwerty”, “consumer” and “lifehack”.
Meanwhile, in April this year, hacker group LulzSec stole account information of up to 77 million users on the PlayStation Network and Qriocity. A week later, Sony admitted that the Sony Online Entertainment gaming service had also been breached, affecting an additional 24.6 million users.
According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) choose from a handful of passwords. Only 19 percent use different passwords for every website they sign up to.
“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley in December. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”
Earlier this year, Google added two-step authentication to a variety of its accounts, such as the basic Google account and its Gmail services. According to Google product manager Nishit Shah, the opt-in security feature makes Gmail accounts significantly more secure.
The two-step authentication process will involve the user’s password plus a code sent to a phone number the user provides. Once it is set up, when users enter their password they will also be prompted to enter a code provided by Google.