Web Access Management: Does Hotmail trust you?

Hot on the heels of Google’s web access management announcements, Microsoft have made changes to the way Hotmail handles forgotten passwords. Users will be able to nominate “Trusted” PCs, from which password resets can be processed, and opt to register a mobile phone four SMS 2FA.

“Rather than rely on an alternate e-mail address and a single secret question-answer pair for resetting an account password, Hotmail now lets a user set one or more “trusted PCs” or a mobile phone as proof that she is the real owner of the account, said Dan Lewis, a senior product manager with the Hotmail team.”

Here’s the full coverage from Computerworld
http://www.computerworld.com/s/article/9188462/Microsoft_boosts_Hotmail_password_reset_security

And here’s the original release from John Scarrow , General Manager – Safety Services, Microsoft.
http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/09/27/hotmail-security-updates-protect-you-from-account-hijackers.aspx

It’s great to see security enhancements, especially in the consumer space where User’s are notoriously difficult to educate. Furthermore, Users’ expectations for how to use technology within the workplace are shaped by their experiences as consumers, so hopefully features like this and the rationale will in the long term influence their security awareness.

Leave a Reply