The improved webmail service will support full session SSL encryption, which protects email as it travels between a user's browser and Hotmail servers, Microsoft announced this week. Previously, SSL encryption was only available for accounts during login.
A Microsoft spokeswoman told SCMagazine on Friday that customers can expect the new Hotmail in the coming months.
Microsoft also plans to add a new feature to Hotmail called “proofs,” which was developed to help users recover access to a hijacked account. The feature will enable users to associate a Hotmail account with a PC or cell phone. If a user forgets his or her password, or it is stolen, Microsoft will be able to send a new password via text message.
Another new Hotmail security feature was designed to protect users when they log in from a public computer.
Users will be able to request that a one-time password be sent to an alternate email address or mobile phone number, Microsoft said. This single-use code could help prevent password theft if a user logs into Hotmail from a public computer that is infected with malware.
Additionally, the new Hotmail will include another new feature called “trusted senders,” to help prevent users from falling for phishing and malware attacks. Microsoft plans to visually identify legitimate email messages from financial institutions and other senders that are regularly spoofed by cybercriminals. A safety logo will appear next to legitimate messages from trusted senders.
Meanwhile, Google and other sites have already implemented similar security improvements.
For example, in July 2009, Google announced it added an icon in Gmail next to verified emails coming from PayPal and eBay to signify they are not spam or phishes. In addition, Google recently enabled full-session SSL encryption for all Gmail users by default and began alerting users of suspicious account activity, such as an account login from a suspicious IP address.
Facebook also last week announced a new security feature designed to notify users when their account is accessed from an unapproved device.