Hotmail has introduced a few new features to help protect users from account hijacking. I’ve seen a lot of hijacking in the past few years where somebody will get access to your e-mail account like a Hotmail or Yahoo!. Instead of taking over the account and changing the password or anything, they might send a few messages out to all your contacts and the messages might be spam or malicious. Even trickier hijackers will set a vacation or out-of-office message so that every time somebody e-mails your account, they automatically get a spam reply.
Hotmail wants to help neutralize these hijacked accounts. If you receive a malicious or spammy e-mail from a known contact, you can mark the message as “My friend’s been hacked!’
You can also mark a message as junk and choose to suggest that the account has been hacked.
With enough votes that an account has been hacked, Hotmail will send the account into a quarantine where the spammer won’t be able to access the account and the account holder will have to verify their ownership to regain control.
These reports work with Hotmail, Yahoo!, and Gmail but it’s unknown if the other companies will react to reports of a compromised account.
In addition to crowd-sourcing the hijacked account reporting, Hotmail is taking a step to prevent accounts from being hijacked in the first place – they’re disallowing common passwords. We’ve all seen the stats from big data breaches where they show ‘123456’ and ‘password’ as the most common passwords. Hotmail will be blocking those passwords for new accounts or password change requests as well as other passwords they see shared by a large number of their users. They may also require current common passwords to be changed at some point in the future.
Both changes sound logical and like the whole Internet can benefit from them. We’ll see if other e-mail providers take similar approaches and establish protocols for quarantining compromised accounts.