So it could be more than coincidence that Redmond should be beating its chest about security on its Hotmail webmail replacement, Outlook.com, during the same week that Gmail played a prominent role in a highly publicized hacker attack on a tech journalist’s online accounts.
Although Gmail’s role in the elaborate sacking of Mat Honan’s online life would have been a non-starter if the Gizmodo reporter had activated the service’s two-factor authentication for his account, Microsoft didn’t turn its back on the opportunity to tweak Google about its webmail offering.
To Microsoft, it is easy to understand why Honan hadn’t activated Gmail’s two-factor authentication. Many Gmail users find the security feature cumbersome, Microsoft contends. Google isn’t saying how many of its users have activated the security feature, but a Microsoft spokesperson glibly estimated to Peter Pachal, of Mashable, that the number was one percent.
With Gmail two-factor authentication, a subscriber links a phone number to their account. A mobile phone number is recommended. Then, whenever the subscriber types in their password when logging into their account, a pass code is sent to them as a text or voice message. That code must be entered before the account can be accessed.
Microsoft argues that the Gmail process is inconvenient to users, which is why many of them don’t activate it. It’s looking into “strong” security for Outlook.com, it said, but strong security that won’t discourage subscribers from using it by being awkward to use.
Among the security features included in the initial version of Outlook.com—it’s currently in “preview”—are strong passwords and one-time codes.
Passwords for Outlook must include capital letters and non-alpha characters. One-time codes allow a subscriber to receive a code on their cell phone by which they can access their account without their password. The code only works once so the subscriber doesn’t have to worry about it falling into the wrong hands as they would with a conventional password.
According to the Microsoft spokesperson, the company is “putting a lot of investment and R&D” into making Outlook.com secure and user friendly.
As well as security, privacy can be an issue with webmail programs. Some settings in Outlook.com can be customized to improve a subscriber’s privacy. For example, you may want to turn off the web app’s active view because it performs functions automatically—responding to LinkedIn invitations, for instance—that you’d rather perform manually.
Displaying attachments, links and pictures can also be controlled through settings. So you might want to limit the display of such items to senders you’ve defined as “safe.” The default setting is less restrictive.
If you don’t want old emails to come back to haunt you, you’ll want to tinker with the deletion features in Outline.com. As with most email programs, deleted messages go to a trash bin, where they can be recovered if you change your mind about disposing them.
However, even after emptying the web app’s trash, messages can be recovered in online Outlook. To prevent that from happening, you need to change the default setting for deleted messages to “Don’t let me recover deleted messages.”
Microsoft and Google’s differences aside, both companies are making strides to keep their webmail services secure for their users.