Microsoft Deepens Hotmail HTTPS Encryption for Security

Microsoft is building on its recent security announcements for Windows Live Hotmail with the addition of a new always-on HTTPS encryption option.

Microsoft announced the feature Nov. 9. With it, Hotmail users will have the option to secure their entire Hotmail session with HTTPS, instead of just their log-in. The change “joins a series of other recent security updates, with which Hotmail offers advanced security safeguards to help protect your e-mail account from hijackers and fraud,” blogged Dick Craddock, group program manager for Windows Live Hotmail.

Just recently, Microsoft rolled out a number of changes to Hotmail to improve security. The new features covered a lot of ground, from new proofs for user authentication to capabilities meant to detect hijacked accounts. The company introduced the ability for users to add a "Trusted PC" associated with their account, as well as the ability to add a cell phone number to their account that Microsoft can send password reset information.

In January, Google switched HTTPS to always-on by default for Gmail users. Two months later the company added a feature to warn Gmail users if their account has been compromised. The feature flags suspicious activity and generates a red alert, along with information about where the account is being accessed from.

To protect against account hijacking, Microsoft recently added heuristic-based detection to sniff out changes in log-in behavior, spam being sent from the account or other suspicious activity. When a compromised account is discovered, it is blocked to prevent further abuse and vacation auto-reply messages and linked accounts are suspended, Microsoft has said.

In the case of HTTPS, Hotmail users can enable encryption for their inbox, calendar, and contacts, by going to https://account.live.com/ManageSSL.

“Once you enable this feature, all of your future connections to Hotmail will be delivered over SSL,” Craddock wrote.

In addition, SkyDrive, Photos, Docs and Devices pages all automatically use SSL encryption as well, he added.

“By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers, and your private information is less likely to fall into someone else’s hands,” he wrote.

Some connections to Hotmail won’t be available for users who turn on HTTPS, including Outlook Hotmail Connector, Windows Live Mail and the Windows Live application for Windows Mobile (versions 6.5 and earlier) and Symbian.