
Hotmail Bans Guessable Passwords, Like 'Password'

12345 won't cut it anymore, either. Microsoft Hotmail users must get more creative--and secure.
Hotmail users will soon no longer be able to employ lazily constructed passwords like "12345," "password," or common phrases like "ilovecats" to secure their accounts against hackers, identity thieves, or jealous exes.

Microsoft plans to institute new password rules and other security features for the email system, used by roughly 500 million individuals, which will require users to put more thought into their efforts to thwart cyber-intruders.

The company in the coming weeks will introduce new password rules that will prohibit Hotmail users from employing passwords that Microsoft believes are vulnerable to so-called dictionary attacks. Dictionary attacks are efforts by hackers to simply guess a password based on commonly used names, numbers, and personally identifiable information.

Hotmail users whose existing passwords are deemed vulnerable may be asked to create new ones, as well.

"This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password," said Hotmail group program manager Dick Craddock, in a blog post. "If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password."

Microsoft is taking other steps to secure Hotmail accounts, thousands of which fell victim to a massive phishing scam in late 2009. Another new feature will make it easier for users to send an alert if they suspect a friend or colleague's account has been hacked.

"Maybe you've had this happen to you: You sign in to Hotmail, and you see you've got some new mail from one of your friends. You open the message only to discover it's spam!" wrote Craddock in a blog post. "Whatever the case, one thing is for sure: this email isn't really from your friend at all."

To report the abuse, users will soon see a new item under the messages' "Mark as" menu labeled "My friend's been hacked!" Tagging a message with that label will alert Microsoft to the problem, Craddock said. "When you help out in this way, it makes a big difference."

The bottom line: Thousands of Hotmail users will no longer be able to use "password" as their password.
