Microsoft’s email service, Hotmail, is implementing tougher standards for user passwords to combat the increasing occurrence of email account hijackings.
The company said Hotmail users will no longer be allowed to use common, easily guessable passwords like “password,” “12345,” and “qwerty,” which are susceptible to “brute force” and “dictionary” attacks. They will also have to meet more stringent password requirements when creating a password. Users with passwords deemed too weak or common will be required to change them, the company said.
Microsoft is also introducing a new feature to highlight account takeovers when they occur. Hotmail users can now report accounts that appear to have been compromised if they receive suspicious emails from them. Suspicious mail can now be tagged with a “My friend’s been hacked!” category. That feature has been available for mail received from other Hotmail users, but has now been expanded to allow reporting of hacked accounts when the mail is sent from other services.
Accounts that have been marked as compromised will no longer be available to the spammer, and the account’s rightful owner will be put through an “account recovery flow” that will help them regain control of the account. If the compromised account is on a different email service, Hotmail will contact that service, which will take it from there. You can find the Windows Live announcement here.