In a development that could be seen as a response to the havoc that FireSheep has created in the last week, Microsoft has finally enabled complete SSL security for its Hotmail service. Previously, authentication would be encrypted using SSL but users would then be switched back to plain HTTP (which of course is insecure).
The truth is that Microsoft had actively been working on implementing complete SSL for some time in response to Google’s move to enforce SSL by default on its Gmail service. For a while, there had been concerns in the industry about how much of a load SSL would place upon infrastructure but with modern hardware and the continuing increase in processing power this has become less of an issue.
Unfortunately, Microsoft has not enabled SSL by default but there is a reason. Enabling SSL for Hotmail breaks the use of the Outlook Hotmail Connector, Windows Live Mail and the Windows Live application for Windows Mobile 6.5. If you don’t use any of these pieces of software then you can turn on SSL without an issue but if you are affected you might need to weigh up the existing convenience against potential security implications.
So how do you turn on SSL?
Just browse to https://account.live.com/ManageSSL and login with your Windows Live ID after which you will be presented with this page:
All you need to do is select the option for “Use HTTPS automatically” and click “Save”. You can always come back and turn it off by browsing to the same page and selecting “Don’t use HTTPS automatically”. Alternatively, if you want to force SSL manually when using Hotmail you can always change the “HTTP” to “HTTPS” in the address bar of your browser or you could use NoScript with Firefox to force it for you so you don’t need to remember (as covered here in a prior blog).
A common catchphrase that you might hear is “knowledge is power” so hopefully this information has helped to empower you to tighten up your security a little bit more on the internet – keep your information secure!