Hotmail Password Reset Security Boosted

To balance the avalanche of vulnerabilities I’ve been writing about lately, here’s some good news on the subject of computer security. I’ve written about it in the past, but new security measures have been added to the Windows Live Hotmail Web mail service to help users regain control of hijacked accounts.

Citing a trend of spammers seizing legitimate accounts, Microsoft said it was kicking off new techniques to sniff out compromised Hotmail accounts, as well as giving users more ways to reclaim inboxes snatched by criminals.

Rather than rely on an alternate e-mail address and a single secret question-answer pair for resetting an account password, Hotmail now lets a user set one or more “trusted PCs” or a mobile phone as proof that he/she is the real owner of the account.

In one of the most famous abuses of a password reset feature, University of Tennessee student David C. Kernell got control of the Yahoo Mail account of former Gov. Sarah Palin during the 2008 presidential election by answering a single security question.

Kernell was later convicted on a federal felony charge and a federal misdemeanor charge.

Instead of relying on a single secret question, Hotmail users can now tag multiple PCs as proof. Users locked out of their account by a hijacker can regain control simply by logging in from one of the previously set trusted machines.

To use a PC as proof, users must have installed Windows Live Essentials, a suite of free applications Microsoft offers for download.

Users can also enter a mobile number as another proof. That phone will then receive an unlocking code via a text message when the user asks for a password reset.

With those proofs in place, more users will be able to reset their passwords without help from Microsoft support.

To add proofs, such as a trusted PC or cell phone, to a Hotmail account, users must click “Options” in the upper right of the Hotmail screen, select “More options…” from the drop-down menu, then click “View and edit personal information” under the subheading of “Manage your account.” The proofs can be added under “Password reset information.”

Microsoft isn’t the only Web mail provider beefing up security. Last week, Google announced two-factor authentication that lets businesses protect Gmail log-ins by delivering a one-time code to a cell phone via text message.

4 thoughts on “Hotmail Password Reset Security Boosted”

  1. Trying to remove an email from my password reset information page. It is from someone that stole my email.

    How can I remove it?

  2. I wonder if you can help as my Hotmail account has been blocked. I have been travelling a lot over the last few weeks and accessing the account from different locations. After I returned home, the account was blocked when the cell phone number that Hotmail has on file to send a code to release the blockage is no longer in use. (I had attempted to update this information a couple of months ago on Hotmail without success.) I sent in the Hotmail webform over a week ago responding to the various security questions to confirm my identity and the form letter response indicated that it would take 5-7 days to respond. I am so frustrated and don’t know what else to do. I have so much pending and urgent work that I must access. Are you able to help? Many thanks in advance.

  3. Hi Tara,

    If these are the steps you took you just have to wait. If you did something different, then do the following steps:

    1. Click on this link: https://account.live.com/ResetPassword.aspx
    2. Click on the third option: I Think Someone Else is using my Windows Live ID.
    3. Select Reset your Password option.
    4. Enter the Windows Live account you are trying to recover.
    5. Enter the characters you see on the picture, and then tick on Next.
    6. Click on Customer Support.
    7. When a highlighted Customer support phrase appears, click on it.
    8. Re-enter the Windows Live account you are trying to recover.
    9. Enter your alternate email address. (Active email address that you have access to even if it’s not associated with the account).
    10. Click on Continue.
    11. Validate your identity by providing as much information as you can on the Recover your Windows Live account page then click on Continue to submit.
    12. A page that says Your information has been submitted will appear (just wait for the result of the account recovery request on your alternate email address).
