Sign in with
Sign up | Sign in

Microsoft Says Outlook Security Will Be Better Than Gmail

By - Source: Mashable | B 20 comments

Microsoft is investigating ways to beef up security without having to resort to a 2-step method.

A spokesperson from Microsoft recently told Mashable that the company is working to offer better security for users of the web-mail service formerly known as Hotmail, Outlook.com, than what Google provides for its Gmail clients. But when asked what those security measures would be, the spokesperson merely said Outlook would require "strong passwords" and possibly even single-use codes.

For the uninitiated, Google requires the typical username and password login credentials. But users can also activate the two-step security method which includes a second numeric code that's sent directly to the user's associated smartphone. This code changes every thirty days, and new ones are provided when the user logs onto Google's services from a different browser. Sometimes the user is even required to set up a permission first, and is given a long string of numbers and letters to use as the initial password.

"2-step verification helps protect a user's account from unauthorized access should someone manage to obtain their password," Google states. "Even if a password is cracked, guessed, or otherwise stolen, an attacker can't sign in without access to the user's verification codes, which only the user can obtain via their own mobile phone."

Microsoft's proposed single-use code would also be sent to the user's associated smartphone via texting, but these are used in replace of the user's password. This helps prevent hackers from using keyloggers to gain a user's password when logging in at a public access. However Microsoft hasn't settled on this method, as Outlook is still in preview mode and the company itself is in research & development mode.

According to the rep, Microsoft has in fact looked into using the 2-step security method, but chose not to take that route because only a small number of Gmail users actually use it (and it's a pain, to be honest, but effective). Instead, Microsoft wants "to find a strong solution that everyone can use, versus just the 1-percent of users that figure out how to navigate a bunch of additional setup options."

Recently Wired reporter Mat Honan saw his phone, tablet and laptop taken over and wiped by hackers because he had not activated two-factor authentication on his Gmail account. While not quite as damaging, my personal Google account was also hacked because two-step authentication was not activated. Hackers used the stored credit card number to purchase Google Voice minutes and make international calls. Google quickly refunded the money and suggested that two-step authentication be used in the future. Aye aye, cap'n.

On July 31, Microsoft tore down the long-standing Hotmail service and launched a new, built-from-the-ground-up web mail service called Outlook.com. Users trying to access Hotmail using the old URL are directed to the new Modern-themed Outlook web client. The overall functionality is seemingly the same -- the Outlook version just looks more streamlined, more hip. Office connectivity means users can open Microsoft Word, Excel or PowerPoint documents from an email. Skype video chats can even be launched from the inbox.

"We think the time is right to re-imagine personal email, from the datacenter to the user experience," Chris Jones, Microsoft's corporate vice president of Windows Live, said in a press release at launch.

 

Contact Us for News Tips, Corrections and Feedback

Display 20 Comments.
This thread is closed for comments
Top Comments
  • 10 Hide
    bourgeoisdude , August 13, 2012 1:37 PM
    "Instead, Microsoft wants 'to find a strong solution that everyone can use...'"

    In other words, hackers too. *Sigh* The whole point of why I like Gmail's two-factor authentication is that only 1% of the users use it. If everyone used it, hackers would be obligated to figure out how to break it.
Other Comments
  • 8 Hide
    cookoy , August 13, 2012 1:33 PM
    Fundamental law of marketing: Always say mine is or will be better than yours or theirs.
    My bank uses the 2-step security method. I think it's cool.
  • 10 Hide
    bourgeoisdude , August 13, 2012 1:37 PM
    "Instead, Microsoft wants 'to find a strong solution that everyone can use...'"

    In other words, hackers too. *Sigh* The whole point of why I like Gmail's two-factor authentication is that only 1% of the users use it. If everyone used it, hackers would be obligated to figure out how to break it.
  • 4 Hide
    digiex , August 13, 2012 2:26 PM
    Quote:
    Microsoft Says Outlook Security Will Be Better Than Gmail


    Of course... It's their product.
  • 4 Hide
    burns11 , August 13, 2012 2:43 PM
    come on guys, Xbox Live is so secure you just know Outlook is going to be the Fort Knox of email.
  • 0 Hide
    Anonymous , August 13, 2012 3:17 PM
    The two factor authentication code on my gmail changes a lot more often than every 30 days as stated in the article. It's more like every 30 seconds.
  • 4 Hide
    Vorador2 , August 13, 2012 3:46 PM
    Two factor authentication is a pain in the ass, but is far harder to crack than just a single password. I have it enable on my account and unless the hacker physically has your phone, it's impossible.

    So no, it won't be better. And the gmail account of the journalist was hacked because the password recovery was tied to the Apple mail, not because the security of gmail itself was weak.
  • 0 Hide
    milktea , August 13, 2012 4:49 PM
    All I can say is, use different passwords for different accounts. And always use up to the max allowable password length. And don't ever login to your accounts using another/public/untrusted computers.

    It is too bad that Outlook.com only allows up to 16 characters for the passwords. I would feel more secure if they had allowed up to 64 characters.
    :) 
  • 0 Hide
    dextermat , August 13, 2012 4:49 PM
    I think they said that about all new version of windows... only a question of time before hack
  • 0 Hide
    CaedenV , August 13, 2012 4:52 PM
    If MS would just cut down on spam without blocking real messages we will all be happy.

    I love the new 'not metro' interface of Outlook.com by the way, can't wait for skydrive to follow suit
  • 0 Hide
    rantoc , August 13, 2012 4:54 PM
    joriahThe two factor authentication code on my gmail changes a lot more often than every 30 days as stated in the article. It's more like every 30 seconds.


    Different IP's each login then i take it? Got static here and 30 day as stated seems to be accurate.
  • 0 Hide
    olaf , August 13, 2012 4:56 PM
    will this be the same service that deletes an email account if you don't log in for 60 days ?
  • 0 Hide
    milktea , August 13, 2012 6:05 PM
    jacekringNote about phone encryption, this will not protect you from police. Police can still access your phone because Google gives police a method to decrypt your phone for a one time access.

    Maybe we should push for TrueCrypt for Android. But I wonder if Google would allow the App.
  • 0 Hide
    hpfreak , August 13, 2012 6:20 PM
    Microsoft may have a " more secure email" but that doesn't mean they can't sniff at it lol
  • 0 Hide
    eddieroolz , August 13, 2012 6:44 PM
    I hope so, though Microsoft asked for my phone number anyway.
  • 0 Hide
    matt_b , August 13, 2012 6:45 PM
    Quote:
    But when asked what those security measures would be, the spokesperson merely said Outlook would require "strong passwords" and possibly even single-use codes.

    Get ready to write down that minimum of 20 characters password somewhere. When something is designed by a human, it can be reverse-engineered BY a human and therefore broken/cracked. There will almost always be a way.
  • 0 Hide
    f-14 , August 13, 2012 7:15 PM
    so microsoft is saying they are only going to slightly improve outlook as opposed to fixing it properly. how about they just remove it from all windows operating systems and make it an add on to office.
  • 0 Hide
    Anonymous , August 13, 2012 7:30 PM
    Google's 2-factor authentication key is required for every login (and changes about every 30 seconds) unless you check "remember this computer for 30 days" option, and then it's only on that computer that you don't have to re-enter it. Chances are a hacker isn't going to be using your own computer, and in that case you have bigger issues.

    iOS is in fact encrypted, and basically impossible to perform forensics on. This article links to a white paper on iOS Security. http://www.macrumors.com/2012/08/13/apples-unbreakable-ios-device-encryption-highlighted/
  • 0 Hide
    trevorluce , August 13, 2012 8:25 PM
    I lock myself out of accounts with a 2 step login system far more than Its kept any hacker out.
  • 0 Hide
    zhihao50 , August 14, 2012 2:38 AM
    They should introduce three factor authentication where for the third factor you have to fill out a form detailing every little secrate only you could possibly know and its compared to their profile of you to make sure it match. And the information you gave will not be solded to other company for advertising use.
  • 0 Hide
    andrew_b , August 20, 2012 3:04 PM
    I use two factor authentication across a lot of my accounts. I feel a lot more secure when I can telesign in to my account, it gives me the confidence that my account won't get hacked and my personal information isn't vulnerable. To say they will be stronger security without using 2FA is impossible.