Hotmail is banning passwords such as 'password', '123456', 'ilovecats' and 'gogiants', in an attempt to make it harder for spammers to hijack users' email accounts.
People who sign up for the web email service will be prevented from using a password typically used by millions of others, Microsoft said in a blog post on Thursday.
"This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password," wrote Dick Craddock, group program manager for Hotmail. "If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password."
Hotmail subscribers already using one of the banned passwords may be asked to choose one that is harder for spammers and phishing gangs to guess in a brute force dictionary attack, Craddock added.
Graham Cluley, senior technology consultant at Sophos, said people often use the first word that comes to mind, such as the brand of monitor they use, when prompted for a new password.
"There are thousands of commonly used passwords, which hackers are aware of," Cluley told ZDNet UK. "If everyone can use the word 'password', then [account security] is as thin as tissue paper."
People often reuse passwords across accounts, so if the password gets exposed, hackers can use it elsewhere, he noted.
'My friend's been hacked'
As part of its push to protect Hotmail accounts, Microsoft is also introducing a feature for people to tell the company if they suspect an email account has been compromised. Users are given the option to mark a message with a 'My friend's been hacked' label, or they can mark a message with 'I think this person was hacked' when moving it to junk mail.
ZDNet UK's App of the Day
ZDNet UK's App of the Day
Sign up to ZDNet UK's daily newsletter and get all the latest tech news as well as an app recommendation of the day, hand-picked by our editorial team
The software maker has received thousands of reports of possibly compromised accounts since it started to use the technology a "few weeks" ago, according to Craddock.
"When you report that your friend's account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked," he said. "It turns out that the report that comes from you can be one of the strongest 'signals' to the detection engine, since you may be the first to notice the compromise."
Microsoft uses a 'compromise detection engine' in its anti-spam technology similar to the software used by banks to detect anomalous use of payment cards. Reports from 'friends' rank highly in marking an account as sending spam, according to Craddock.
Yahoo and Google have signed up to receive reports of suspected spam to Yahoo and Gmail from Hotmail users, said Microsoft.
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Talkback
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.
Who uses Hotmail? Or its spaces, or live spaces or whatever it's calling it now. I stopped using hotmail a decade ago and only use my account when forced to register with websites that want to be able to send me emails or spam as I never bother to log in otherwise. Why is it that Hotmail alone seems to be plagued by spammers and such hijacking as is forcing them to ban people's password choices? If I choose to take a risk in choosing a password I can remember, how is it affecting them? I have no problem at all with yahoo or gmail. And then it's the way hotmail communicates- "Hooray!" it tells me in a pop-up using its nauseating faux-informal Americanism, as it takes credit after I myself had to manually delete literally hundreds of obvious spam from my junk folder. Give me a company that takes itself and its users seriously anytime whilst Microsoft sends its 'Bing' into Bed with the Chinese after Google found its conscience again.
www.tracesofevil.com
A vast number of non-technical people - very often people who do not have a personal broadband connection. Put a job advert in the JobCentre system and in my experience 60% of the replies will come from Hotmail addresses.
This is true. And many of those applications will be using email addresses that are inappropriate for a job application.
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.
I want my email
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.