Scripps Employees Called 'Hackers' For Exposing Massive Security Flaw
Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Hotmail adds full-session SSL for more secure webmail
There's a minor problem with that fix, however. Many sites log you in via an SSL-encrypted connection but then immediately redirect you to an insecure page -- which could expose users to unnecessary risk. If you're a Hotmail user, however, LiveSide has spotted an update to your webmail service that will help keep your data safe: full-session SSL. Microsoft had announced in June that full-session SSL support would be coming, and now any user can opt-in to the feature by visiting https://www.hotmail.com and clicking the button shown above.
What does that mean? In essence, it means that from the moment you sign in to the moment you sign out, all of your activity on Hotmail is served via HTTPS and protected by SSL. If you're using Hotmail on a public computer or unfamiliar wireless network, full-session SSL is the best way to access your account.
Gmail, of course, has had this feature for a few years -- but it's certainly a good thing to see Microsoft providing a more secure access option to Hotmail's 300+ million users.
Comments
7
Subscribe to commentsBugMeNotNov 6th 2010 11:53AM
"Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type."
WTF Microsoft?
DavidNov 6th 2010 12:18PM
I got the same message. What type of accounts aren't compatible with HTTPS???
hazardNov 6th 2010 11:01PM
Works for me.
I usually log in via live.com but wasn't given the option but I was able to enable through hotmail.com. Now when I log into live.com it maintains the https connection. Cool.
I created my account through live.com and it rolled over to hotmail a while back.
HerbNov 6th 2010 1:37PM
Works for me. Perhaps they are still rolling out the feature. Website says you can not use the Outlook mail connector if you set your account to use https. However you can always log into web Hotmail using https.
motangNov 6th 2010 1:43PM
I can't use it either, my account doesn't have that feature! Lame!
octoberasianNov 6th 2010 2:03PM
At first I thought it was an a feature only available to Hotmail Plus, but I did some digging. I know Microsoft can't be THAT greedy and heartless of a company.
I then found something on the Windows blog post:
http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/11/01/use-hotmail-features-without-changing-your-email-address.aspx
There were several suggestions at the bottom of the page of replies.
Example:
"Easier solution:
1. Login from https://www.mail.live.com
2. Click on the hyperlink "Continue to hotmail"
Thats it."
Another was to select the option to "Automatically use HTTPS..." and then hit "Cancel."
Then an official response from a Microsoft employee:
"@langware and others – we’ve announced support for SSL, but we have not yet rolled it out. It’s coming soon – we appreciate your patience."
It seems not entirely ready yet.
MorganNov 6th 2010 2:27PM
Some quick checks show that while you can force HTTPS connections, but out of the roughly 2 dozen cookies set, only one of them is marked 'secure' - and changing or deleting it seems to have no affect on your session authentication. So while this may prevent someone sniffing your mail while you read it (good) - doesn't necessarily protect you against sidejacking ala FireSheep (bad).