SoylentNews

martyb [soylentnews.org] writes:

The Register is reporting [theregister.co.uk]:

Microsoft will warn [microsoft.com] email and OneDrive users if it detects apparent attempts by governments to hack into their accounts.

[...] Google, Facebook, Twitter [theregister.co.uk] and Yahoo already offer similar government hacker alert systems to the one just introduced by Microsoft. Alerts are far from rare. Google, for example, reportedly tells tens of thousands of users every few months that they’ve been targeted by foreign spooks.

Redmond’s alerting system has raised issues about US data breach disclosure laws. “If China had stolen Hotmail users' passwords, Microsoft would have had to tell users,” Christopher Soghoian, a principal technologist at the ACLU, stated in an update [twitter.com] to his personal Twitter account But *private emails* are not considered PII [personally identifiable information].”

Soghoian went on to take issue [twitter.com] with Microsoft’s advice about changing passwords frequently. Current best practice, advocated by most but not all security pros, is to use strong passwords together with a password manager. Changing passwords frequently tends to encourage the use of easier to remember passwords, which are easier for hackers of all stripes to guess.

Original Submission