Microsoft has announced it is banning Hotmail users from using common passwords, such as “password” or “123456”, that are very easy for hackers to guess.
“Having a common password makes your account vulnerable to brute force ‘dictionary’ attacks, in which a malicious person tries to hijack your account just by guessing passwords,” wrote Hotmail program manager Dick Craddock in a blog post. “Of course, Hotmail has built-in defenses against standard dictionary attacks, but when someone can guess your password in just a few tries, it hardly constitutes ‘brute force!’”
Hotmail users who are already using common passwords may, at some point in the future, be asked to change them to make them stronger, added Craddock.
The change is part of a raft of new security features designed to improve account protection for webmail users. These include a new option for Hotmail account holders to flag up when their friends’ accounts have been compromised by spammers. The “Mark as” drop-down menu now includes the option: “My friend’s been hacked!”
The news follows several high-profile hacks, in which email addresses and passwords have been compromised. Analysis of the passwords compromised in the Gawker Media hack late last year found the most common to be “123456” and “password”. Other common terms included “monkey”, “qwerty”, “consumer” and “lifehack”.
Meanwhile, in April this year, hacker group LulzSec stole the account information of up to 77 million users on the PlayStation Network and Qriocity. A week later Sony admitted that its Sony Online Entertainment gaming service had also been breached, affecting an additional 24.6 million users.
According to security firm Sophos, 33 percent of computer users use the same password for all their online accounts, and nearly half (48 percent) choose from a handful of passwords. Only 19 percent use a different password for every website they sign up to.
“Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain,” warned Sophos senior technology consultant Graham Cluley in December. “Password security is becoming more important than ever. Make sure that you’re taking the issue seriously, or suffer the consequences.”
Earlier this year, Google added two-step authentication to a variety of its accounts, such as the basic Google account and its Gmail services. According to Google product manager Nishit Shah, the opt-in security feature makes Gmail accounts significantly more secure.
The two-step authentication process will involve the user’s password plus a code sent to a phone number the user provides. Once it is set up, when users enter their password they will also be prompted to enter a code provided by Google.