Has your friend been hacked?

Alert LiveSide readers spotted (in the comments) the “My friend’s been hacked” feature on Hotmail when the new, faster version was released a few weeks ago. Today the Inside Windows Live blog has more information on a revised version of this feature, as well as on an upcoming feature to ban common passwords.

In the blog post, Hotmail PM Dick Craddock acknowledges that account hijacking is a big problem:

We’ve noticed a couple of things about hijacked accounts. First, many accounts have weak passwords that make them easy targets for hijackers. Second, when someone’s account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts.

These two observations led us to develop a couple of new features that help protect your accounts. The first lets you report a friend’s account as compromised – a feature unique to Hotmail – and the second prevents you from using common passwords that make your account easy to hack.

Reporting an email account as “hacked” is simple: just drop down the “Mark as” dialog and click on “My friend’s been hacked”. When the feature first rolled out, it was confined to Hotmail accounts only, but Microsoft has worked with other email providers (like Gmail and Yahoo!) and will now pass along the compromise information to both Yahoo! and Gmail.


Hotmail is also taking steps to cut down on common passwords, which give hackers an easy way to gain access to your account:

Common passwords are not just “password” or “123456” (although those are frighteningly common), but also include words or phrases that just happen to be shared by millions of people, like “ilovecats” or “gogiants.”

This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password. If you’re already using a common password, you may, at some point in the future, be asked to change it to a stronger password.

Our advice: if you’re using a common password, CHANGE IT NOW! Heck, even if you have a strong password, now’s a good time to change it and to make a habit of changing your passwords frequently.

Read more in the blog post, learn more about taking back control of your account if it was marked as compromised, and learn how to create a strong password!