Microsoft exposed Hotmail users' passwords online (WTF)

If you use Microsoft's free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend.

In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme.

Microsoft said it is taking measures to block access to all of the accounts that were exposed and has resources in place to help those users reclaim their accounts. Microsoft said users who believe their information was documented on the illegal list (i.e., you have reason to believe you may have recently fallen for a Hotmail phishing scam) can reclaim access to their accounts by filling out this form.

October being Cyber Security Awareness Month and all, it's probably a good idea to remind readers about password best practices, particularly as they relate to Webmail accounts.

-Make sure you have set up an alternate e-mail address for your account. Most free Webmail providers, including Hotmail, Gmail and Yahoo!, offer this feature, which is usually accessible under the user account settings. This way, even if someone does manage to steal your password, you can reset it by having the "reset your password" link sent to an alternative e-mail inbox. This is especially useful should you find yourself in the unenviable position of having your Hotmail inbox held hostage and being subjected to extortion in order to regain access to it (see Your Money or Your E-mail).

-Avoid using your e-mail password as your password at other sites. If that other site gets hacked, not only do the attackers know your e-mail address, but they now also have your e-mail password. That said, many online forums require you to pick a password and user name, and I think it's generally okay to use the same password at multiple forums, provided said forums don't store personal or financial data about you.

-Several high-profile Webmail account password compromises have succeeded because victims picked easily-guessed answers for their "secret question and answer" pair that many sites use as a password reset security feature. Often, the questions request personal information that may not be terribly secret in this age of social networking and online consumer databases. If you have the choice, create your own unique question and answer. If you must pick from a preexisting list of questions, consider choosing a bogus answer that makes you laugh and has special meaning for you (you're more likely to remember a false answer this way).

-DO NOT use your user name as your password.

-Don't use easily guessed passwords, such as "password."

-Do not choose passwords based upon details that may not be as confidential as you'd expect, such as your birth date, your Social Security or phone numbers, or names of family members.

-Create unique passwords that use some combination of words, numbers, symbols, and both upper- and lowercase letters. One way to forge strong, memorable passwords is to use the first letter from each word of a favorite phrase, book or movie. For example, "The ratio of people to cake is too big," could be "Troptcitb," a fine and fun password (especially if you include the capitalization).

-If you need to write down your passwords, consider storing them in a password vault that encrypts the information, such as Password Safe, KeePass, or RoboForm. Mac users have this functionality built into the operating system in Keychain, which consolidates a user's passwords in one place and makes them accessible via a master password or passphrase.
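
The checks in the list above can be applied mechanically to a candidate password. The following Python example is added here and is not part of the original article; the function names, the small common-password set and the sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed sample of easily guessed passwords (assumption); a real check
# would load a much larger list of known-breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}


def acronym(phrase):
    """First letter of each word, keeping the phrase's capitalization."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z0-9']+", phrase))


def audit_password(password, username, personal_details=()):
    """Return the list of rules from the article that `password` breaks."""
    problems = []
    lowered = password.lower()
    if lowered == username.lower():
        problems.append("same as user name")
    if lowered in COMMON_PASSWORDS:
        problems.append("easily guessed")
    # Personal details: birth date, phone number, names of family members.
    # Separators are stripped so "555-0100" also matches "5550100".
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for detail in personal_details:
        token = re.sub(r"[^a-z0-9]", "", detail.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal detail: " + detail)
    # The article asks for numbers, symbols and both letter cases.
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    missing = [name for name, pattern in classes.items()
               if not re.search(pattern, password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    return problems
```

Run on the article's own example, `audit_password(acronym("The ratio of people to cake is too big,"), "alice")` reports that "Troptcitb" still lacks a number and a symbol, while a variant such as "Tr0ptc!tb" passes every check.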

Source: .washingtonpost


Posted on Tuesday, October 6th, 2009 at 11:15 AM under उड़ते तीर