Microsoft beefs up Hotmail security

Microsoft is readying a security update for its Hotmail service designed to prevent attackers from compromising and managing user accounts.

The update, which is scheduled for October, includes full-site SSL security protection, rather than just using SSL on the site's log-in screen.

"Today, we are releasing new features to safeguard everyone's account from hijackers," wrote John Scarrow, general manager of security services at Microsoft, in a blog post.

"These updates help you protect your password and, in the unlikely event that a hijacker gains access to your account, provide a more secure recovery path so you will always be able to get your account back and kick the hijackers out."

The update will also add security proofs to the service, including mobile phone numbers and marking the user's computer as a 'trusted PC'. The options complement existing proofs, such as alternative email address and personal questions.

Microsoft also said that it is working to close loopholes which could allow an attacker to re-access a compromised account. Users will now be required to answer one security proof before being able to change others.

Other tools will analyse log-in history and account activity to help separate accounts set up by spammers from legitimate accounts that have been compromised.

This will help to streamline the detection and handling of fraudulent accounts, Microsoft said.