It looks like Microsoft is actually taking proactive steps to force users to create stronger passwords. Microsoft is gearing up to update the password policy on its email service, Hotmail, to ban common passwords and phrases from being used. If you are one of the many people who feel "password" is a sufficiently strong password, this is for you.
Ars Technica is reporting that Hotmail's new password policy will block users from using very common passwords like "123456" or "password". The system will also block common phrases from being used as account passwords, for example "ilovecats." Microsoft may also extend this ban to existing email accounts at some point in the future.
Considering the recent rash of hacking attacks that have targeted everyone from Sony to the Pentagon, this is a pretty smart move on Microsoft's part. All of those attacks have made it very clear that common passwords are being used by everyone from high ranking military officials to the guy who serves you coffee in the morning.
The other nifty thing Microsoft is implementing is a tool to notify support when an account has been hacked. If a user receives spam email from a friend or acquaintence's account, they will be able to use the "Mark as" drop down box to choose "My friend's been hacked!" The account will be locked out from the spammer and when the owner of the account attempts to login they will be prompted with an account recovery process to regain control. That sounds like something Facebook and Twitter need to implement immediately.
This is the kind of policy that should be adopted by any service that is login protected. It might be more annoying to remember a safer password, but the liklihood of having your bank information, email accounts, or World of Warcraft gold stolen is much much lower if the password is strong. Hopefully this kind of policy gets quickly implemented by other services and is applied retroactively to current users.
