A brief Tutorial on Using SSL (HTTPS) in Hotmail
Article by Marc Liron - Microsoft MVP (2004-2010)
Quick History of Hotmail
Windows Live Hotmail, formerly known as MSN Hotmail and commonly referred to simply as Hotmail, is a free web-based email service operated by Microsoft as part of its Windows Live group. It was founded by Sabeer Bhatia and Jack Smith. Launching in July 1996 as "HoTMaiL", it was one of the first web-based e-mail services.
It was subsequently acquired by Microsoft in 1997 for an estimated $400 million, and shortly after it was rebranded as "MSN Hotmail".
Windows Live Hotmail features unlimited storage, security measures for which patents have been filed, Ajax technology, and integration with Windows Live Messenger, Hotmail Calendar, SkyDrive and Contacts. According to comScore (August 2010) Windows Live Hotmail is the world's largest web-based email service with nearly 364 million users. Second and third are Yahoo! Mail (280 million) and Gmail (191 million).
It is available in 36 different languages....
Office Web Apps integration -
Hotmails' ACE Card
Hotmail integrates with Office Web Apps to allow high quality viewing and editing of Microsoft Office Word, Excel, and PowerPoint documents that are attached to the e-mail messages.
Users can directly open attached Office documents within the web browser, and save them into their Windows Live SkyDrive. Users can also perform edits to any received Office documents, and directly reply to the sender with the edited version of the document.
In addition, users may also send up to 10GB of Office documents (up to 50 MB each) using Hotmail by uploading these documents onto Windows Live SkyDrive, and share these documents with other users for viewing or collaboration.
What is SSL?
One thing that "Hotmail" lacked, for many years, was a secure method of encrypting your email reading/writing etc - after logging-in. However the addition of full-session SSL was released as an option to all users on November 9, 2010
SSL (Secure Sockets Layer) is a cryptographic protocol that
provides communications security over the Internet. The protocol is
in widespread use in applications like web browsing, electronic
mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
The original SSL specification was developed by Netscape Corporation, the final draft of which was released in late 1996.
A Closer Look At Hotmail SSL
Whilst Microsoft has now introduced full-session SSL for its Hotmail users, it is NOT switched on by default.
So lets walk through the process and look at some for the current restrictions too.
When you attempt to login to your Hotmail account you will see
that the URL will show as a secure https:// (See
Fig 1.0 below)
Fig 1.0 - Hotmail HTTPS URL for Login
However, when you are logged in the URL will change back to a non-encrypted http:// (See Fig 1.1 below)
Fig 1.1 - Hotmail HTTP after Login
...and in some scenarios this can be a security issue.
For instance, if you are sitting in a coffee shop using their unsecured Wi-Fi network anyone with some free software and a little technical knowhow can gain access to your Hotmail account and read all your emails being sent and received!
(Actually it can be worse than this, but that is beyond the
scope of this article. You might like to read my
security guide for more information on staying
Please Note - If you should ever arrive at the Hotmail login page and it shows just an http:// at the start of URL - click the Use enhanced security (SSL) link at the bottom of the form (See Fig 1.2 below).
Fig 1.2 - SSL Login Link
Turning on Hotmail SSL
To enable full-session SSL for your Windows Live Hotmail account you will need to be logged into your email account and then visit:
However, if you choose this option you will no longer be able to use:
The Outlook Hotmail Connector
Windows Live Mail to access your Hotmail account
The Windows Live application for Windows Mobile and Nokia
If this is not an issue for you then go ahead and make the change.
But, if like me, you require access to your Hotmail account via Microsoft Outlook, then you can not turn this feature on. So what can you do if you require to read your Hotmail account in a public place?
Well you can use this tip when already logged into your email account:
If you only need a temporary SSL connection, enter "https" in front of the web address instead of "http".
Then you should be taken to a screen like the one in Fig 1.3 below.
Fig 1.3 - Manually Create a Temp SSL Connection
...simply click "Continue to Hotmail" and you will have created a secure SSL connection to use your Hotmail account in a public place. When you logoff the connection will be broken and the next time you logon you will have to repeat the process if required.
I have no idea if Microsoft will make Hotmail's new full-session SSL ability work with the Outlook Connector utility sometime in the future...
It took Google almost 2 years to turn on SSL by default for all its customers, and even when they did it turned out to have a major security flaw in its implementation that took the online giant several months to fix!
>>> My FREE Windows Newsletter! >>>
Fortnightly copy of my FREE Windows
Windows XP, Vista, 7, 8, Microsoft Office and Windows Live Services - Sign-up TODAY!!!