Data security and privacy in Windows Live

Windows Live is entrusted with safekeeping the email, contacts, photos, documents, and more that over 500 million people bring to our services each month. Today is worldwide Data Privacy Day, and we’re observing it by focusing on a critical way to help keep your data private: protecting it from account hijackers.

Over the last year, we have made significant investments in this area, and we are honored that the European security and safety organization TüV Trust IT Corp. awarded its seal of Trusted Email Service to Hotmail, making us the first US based web mail service to receive the seal. In the same month, Fox Business ranked Hotmail as the #1 email service for safety and security. While we’re excited to receive this feedback, we know that this is an ongoing battle against hijackers that demands our continued focus, and we will work relentlessly to keep you safe. We think of this in three parts – joining forces across the industry to pool our resources, blocking abuse algorithmically, and giving customers tools to stay in control.

Joining forces across the industry

Data privacy and security really takes an industry-wide effort. More than ever, access to the data in your accounts is connected across multiple services. Additionally, because many people use the same password across their multiple email and social networking accounts, if a hijacker compromises one account, the rest may quickly fall victim. This interdependence makes it more important than ever for these initiatives to be cross-industry, and we are aligned with Google and others in this fight.

Blocking abuse algorithmically

Windows Live is continually getting smarter about detecting and neutralizing threats automatically. One way that hijackers attempt to steal your data is by creating fake email addresses or websites that impersonate “official” ones and ask for your passwords or other information. To help protect against these schemes, we add a green shield icon next to messages from known, trusted senders, and we use Microsoft SmartScreen to automatically recognize and warn you about suspicious senders and messages.



Despite precautions, passwords can still become compromised, so we constantly monitor for suspicious behavior. For example, if we detect login attempts from multiple continents, we will check to verify that a human is using the account, because hijackers often use automated scripts. And if we detect major changes in volume of email being sent or spam-like activity, we will automatically cut off the spammer to stop the abuse and allow you to reclaim your account.

We provide you with tools to stay in control

Although we work hard to prevent abuse, you also play a big role in setting yourself up to be secure and in control of your account. Beyond making your password more complex and never sharing it, there are things that you can do to help keep it secure.

For example, if you are using a public computer that is vulnerable to key-logging, instead of entering your true password, you can use a single-use code, a one-time password sent to your cell phone.



We also offer advanced and reliable password recovery options. When you set these up in advance, they act as a spare key to your account and allow you to take back control if a hijacker tries to lock you out by changing your password. Setting up at least two of these “proofs” – alternate email address, cell phone number, or a physical PC that is designated as “trusted” by your account – will allow you to retake control of your account in seconds, should it become compromised.

For these tools to be effective, we need to make sure that you know about them, so here’s a short video about how to stay secure.



If you’ve ever received an email from a friend’s account that was hacked (e.g., advertising prescription medication or asking for money because they’re stuck in a foreign country), you should share this information with them so they can keep themselves safe as well. As always, let us know what you think and how we can make your account even more secure.

Dharmesh Mehta

Director, Windows Live Product Management


aggbug.aspx

More...
 
Back
Top