Weak Passwords Shunned From Windows Live Accounts


Weak passwords are soon to be disallowed in all Windows Live accounts in a bid to reduce account hijacking. Common passwords and phrases such as ‘ilovecats’, ‘gogiants’ and even just ‘password’ will all be removed. As well as removing weak passwords, Windows Live will give users the option to report accounts that they think have been hijacked.

Dick Craddock, Group Program Manager for Windows Live Hotmail, said on the Windows Live Team blog, ‘we know that account hijacking is a big problem, and we continue to work hard to prevent it.’ When users report an account as compromised, a system will combine the report with other collected information. If the account is believed to be compromised, it will be blocked from further use by the spammer and the original user will be ‘put through an account recovery flow.’

Craddock said that although they had protection against brute-force attacks (the use of a list of words to check all combinations of passwords), weak passwords could be guessed by the third or fourth attempt.

Last year, the dangers of weak passwords were put in perspective. Hackers gained access to 31 million accounts. It was found that the most common password was used on 290,731 of the accounts with the next most-common passwords including ‘password’, ‘iloveyou’, ‘princess’, and ‘rockyou’.

LulzSec Releases 62,000 Email Addresses and Passwords


LulzSec said ‘these are random assortments from a collection, so don’t ask which site they’re from or how old they are, because we have no idea,’ adding that they didn’t know how many of the passwords worked. The list was previously removed by MediaFire, only to be re-uploaded by LulzSec.

One Twitter user, TheDancingMilk, tweeted that they gained access to accounts on major websites using a password and email from the list. ‘Got an Xbox Live, PayPal, Facebook, Twitter, YouTube…’ Others said they had got into Amazon accounts and PayPal accounts holding 250 pounds.

To find out whether your email address is included, visit Gizmodo; alternatively, download the text file from MediaFire [file taken down] and use the search function to find your email addresses.