Microsoft follows Google’s example and adds HTTPS encryption to Hotmail to protect user’s entire sessions
Microsoft is building on its recent security announcements for Windows Live Hotmail with the addition of a new always-on HTTPS encryption option. Users can enable encryption for their inbox, calendar, and contacts.
Microsoft announced that Hotmail users will have the option to secure their entire Hotmail session with HTTPS, instead of just their log-in. The change “joins a series of other recent security updates, with which Hotmail offers advanced security safeguards to help protect your email account from hijackers and fraud,” blogged Dick Craddock, group programme manager for Windows Live Hotmail.
Hotmail Receiving Serious Attention
Just recently, Microsoft rolled out a number of changes to Hotmail to improve security. The new features covered a lot of ground, from new proofs for user authentication to capabilities meant to detect hijacked accounts. The company introduced the ability for users to add a “Trusted PC” associated with their account, as well as the ability to add a cell phone number to their account that Microsoft can send password reset information.
In January, Google switched HTTPS to always-on by default for Gmail users. Two months later the company added a feature to warn Gmail users if their account has been compromised. The feature flags suspicious activity and generates a red alert, along with information about where the account is being accessed from.
To protect against account hijacking, Microsoft recently added heuristic-based detection to sniff out changes in log-in behaviour, spam arriving into the account or other suspicious activity. When a compromised account is discovered, it is blocked to prevent further abuse, and “out-of-office” auto-reply messages and linked accounts are suspended, Microsoft has said.
“Once you enable this feature, all of your future connections to Hotmail will be delivered over SSL,” Craddock wrote. In addition, SkyDrive, Photos, Docs and Devices pages all automatically use SSL encryption as well.
“By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers and your private information is less likely to fall into someone else’s hands,” he added.
Some connections to Hotmail will not be available for users who turn on HTTPS, including Outlook Hotmail Connector, Windows Live Mail , the Windows Live application for Windows Mobile (up to version 6.5), and Symbian.