Yesterday, Microsoft’s Dick Craddock posted a blog entry describing a new feature that was recently added to Hotmail. This feature allows users to easily report when they think a friend’s email account has been hacked. Overall, this is quite a clever idea and a good move from Microsoft toward better securing its Hotmail service. This announcement comes hot on the heels of the publication of a report showing that spammers are switching to compromised accounts instead of sending mail directly from bots.
The idea behind the feature is that when an account is compromised, it is often used to spam the compromised user’s friends. This new system allows those friends to act as an early warning system in addition to Hotmail’s other account compromise detection features. Hotmail will even notify the Gmail and Yahoo! mail teams if it finds out that accounts from those providers have been hacked.
It’s very positive to see steps like this being added by online mail providers, and I wouldn’t be surprised to see other providers follow suit. Microsoft is also enhancing its weak password detection in order to force users to use stronger passwords. This is also a good idea, as it will help protect users against attackers who manually guess their passwords, but it will be less effective at stopping account compromises from malware. Most modern data-stealing malware will intercept all Web passwords and send them back to the attacker, so, unfortunately, it does not make much difference if your password is 123456 or if it looks like a cat ran across your keyboard.