Microsoft bans easy-to-guess Hotmail passwords

Posted by Emma Woollacott

We all know that we're supposed to pick hard-to-guess passwords - but most of us know all too well that, if we do, we'll forget them ourselves.

And now Microsoft's got sick of telling us over and over again, and says it's going to ban easy-to-hack passwords on Hotmail.

"Having a common password makes your account vulnerable to brute force 'dictionary' attacks, in which a malicious person tries to hijack your account just by guessing passwords (using a short list of very common passwords)," says Hotmail group product manager Dick Craddock.

"Of course, Hotmail has built-in defenses against standard dictionary attacks, but when someone can guess your password in just a few tries, it hardly constitutes 'brute force'!"

And just in case you're feeling smug for not using 123456, there are plenty of others set to be banned - 'ilovecats' and 'gogiants', for example.

Another new feature allows users to report that a friend's account has been compromised.

"When someone’s account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts," says Craddock.

"When you get that spam message supposedly from your friend, you just click 'My friend’s been hacked!' on the 'Mark as' menu. You can also report an account as compromised when you mark a message as junk or otherwise move a message to the Junk folder."

Microsoft says it's been testing the system for a few weeks. It says it's already identified thousands of people who've had their accounts hacked, and helped them reclaim them - generally within a day, it says.