Let's review them, their applicability to today's cyber threatscape, and compare them to Gmail's currently available security features.
Playing catch up from a security perspective in the free email market segment -- sorry Microsoft -- offers unique business development opportunities, that if well executed can position the follower as the market (segment) leader, at least for a while.100 banks/financial institutions, is a great idea, since it would help less technically sophisticated Hotmail users spot the fraudulent emails more easily, both, trusted senders (July, 2009), full-session SSL (July, 2008), and SMS-based password recovery, have been available to Gmail users for a while.
In order to fully seize the marketing momentum, market (segment) followers are supposed to set new benchmarks, and do their best to avoid "me-too" product feature catch-up based strategies. Interestingly, Microsoft appears to have achieved it by introducing the SMS-based single sign in codes.
In comparison, Gmail only has a password recovery option via SMS, introduced in June, 2009. Here's a chronology of the introduced security features at Google's Gmail over the years:
2004 - Gmail Begins Signing Email with DomainKeys 2008 - Gmail, PayPal and Ebay embrace DomainKeys to fight phishing emails 2008 - Making security easier (choice for always on SSL) 2008 - Remote sign out and info to help you protect your Gmail account 2009 - Google Account Recovery via SMS 2009 - The super-trustworthy, anti-phishing key (visual Trusted Senders confirmation) 2010 - Default https access for Gmail 2010 - Security alerts for Gmail
Which are the unique features offered exclusively by only one of the email providers?
Basically, if it wasn't for Hotmail's upcoming single-use codes, their whole campaign would have been an embarrassing catch up marathon with Google's Gmail. Gmail's security alerts feature, however, still differentiates by emphasizing on the real-time notification for a compromise that's currently taking place.
Is there a particular security feature that both, Microsoft and Google failed to implement so far? Has the time come for both companies to acknowledge the existence of public key cryptography within their settings interface? What about the availability of disposable/temporary email accounts generation feature?
Moreover, how user-friendly was your experience with both email providers, in cases of an account compromise? With do it yourself account import and export options, is the increased security offered by a particular provider, enough for you to migrate there?
Talkback, and share you opinion.