Hotmail's new security features vs Gmail's old security features

Summary: Microsoft's revamped Hotmail, set to be rolled out in mid-summer according to the company's press release, introduces several new features. Let's review them, their applicability to today's cyber threatscape, and compare them to Gmail's currently available security features.

Microsoft's revamped Hotmail, set to be rolled out in mid-summer according to the company's press release, introduces several new security features, among which are full-session SSL, visual indication for trusted email senders, and improved password recovery mechanisms.

Let's review them, their applicability to today's cyber threatscape, and compare them to Gmail's currently available security features.

  • Trusted senders. With the new Hotmail, we help you to visually identify trusted senders in your inbox, particularly banks and other senders most commonly impersonated in phishing scams, by putting safety logos next to those senders who we recognize as legitimate.

  • Full-session SSL - In addition to providing SSL encryption of credentials at login for all accounts, the new Hotmail will soon support the option to maintain SSL encryption between you and Microsoft servers during your entire Hotmail session.

  • Single-use codes - This new security feature is designed to further help protect you by giving you the option to ask Hotmail to SMS to you a one-time temporary password if you'd prefer not to use your regular password when logging into Hotmail on public computers that could potentially harbor key logging malware that could steal your password, such as those sometimes found in internet cafes and airports.

  • Account security information - The new security platform elements we've built up around Hotmail now enable you to use your cell phone or other items as proof of account ownership. For example, if you lose your password or, worse, if your account gets compromised, we can now send you an account recapture code via an SMS message or enable you to regain access to your account.

Playing catch-up from a security perspective in the free email market segment -- sorry, Microsoft -- offers unique business development opportunities that, if well executed, can position the follower as the market (segment) leader, at least for a while.

And although the introduction of safety logos for over 100 banks/financial institutions is a great idea, since it would help less technically sophisticated Hotmail users spot fraudulent emails more easily, trusted senders (July, 2009), full-session SSL (July, 2008), and SMS-based password recovery have all been available to Gmail users for a while.

In order to fully seize the marketing momentum, market (segment) followers are supposed to set new benchmarks and do their best to avoid "me-too" strategies based on product feature catch-up. Interestingly, Microsoft appears to have achieved this by introducing the SMS-based single sign-in codes.

In comparison, Gmail only has a password recovery option via SMS, introduced in June, 2009. Here's a chronology of the introduced security features at Google's Gmail over the years:

  • 2004 - Gmail Begins Signing Email with DomainKeys
  • 2008 - Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails
  • 2008 - Making security easier (choice for always on SSL)
  • 2008 - Remote sign out and info to help you protect your Gmail account
  • 2009 - Google Account Recovery via SMS
  • 2009 - The super-trustworthy, anti-phishing key (visual Trusted Senders confirmation)
  • 2010 - Default https access for Gmail
  • 2010 - Security alerts for Gmail

Which are the unique features offered exclusively by only one of the email providers?

Basically, if it wasn't for Hotmail's upcoming single-use codes, their whole campaign would have been an embarrassing catch-up marathon with Google's Gmail. Gmail's security alerts feature, however, still differentiates it by emphasizing real-time notification of a compromise that's currently taking place.

Is there a particular security feature that both Microsoft and Google have failed to implement so far? Has the time come for both companies to acknowledge the existence of public key cryptography within their settings interface? What about the availability of a feature for generating disposable/temporary email accounts?

Moreover, how user-friendly was your experience with both email providers in cases of an account compromise? With do-it-yourself account import and export options, is the increased security offered by a particular provider enough for you to migrate there?

Talkback, and share your opinion.

Topics: Collaboration, Cloud, Enterprise Software, Google, Security


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
