Microsoft added new security features to Hotmail today that are designed to make it harder for accounts to get hijacked and easier for victims to recover them if so.
Hotmail users have been able to answer a security question or have an e-mail sent to an alternate e-mail address when they need to get into their locked account, either because it was hijacked or because they forgot the password. Those systems can be problematic as many people forget the security questions or they can be easily figured out by strangers with enough Web research.
Now, they can register a mobile phone number that a secret code can be sent to via SMS so they can reset the password. And they can also use a trusted computer that they have registered with Hotmail in advance so that if that computer is used, Hotmail will automatically trust the communication and allow the user to reset the password.
In addition, before adding a new proof method or changing an existing one, Hotmail users will have to have access to at least one existing ownership verification method, Microsoft announced at the TechCrunch conference and on the Inside Windows Live blog. This means that hijackers who steal passwords can't lock the rightful Hotmail users out of their accounts by changing that information.
If accounts have no proofs set up and customers lose access they can work with Microsoft support representatives directly at www.windowslivehelp.com/accountrecovery.
Microsoft also shows a "trusted sender" shield icon on e-mail that has been verified as legitimate and sends a one-time password to mobile phones for Hotmail users who don't want to type in their real password on a public computer.