At last Hotmail users get SSL encryption

EMAIL VENDOR Microsoft has finally rolled out encryption for its Hotmail users.

The floundering webmail service has been besieged with problems since its summer 'upgrade' but the news that the Vole has finally deployed HTTPS for Hotmail to provide secure data transfer should be met with some relief. Until now HTTPS was only used for the sign-in procedure, meaning that once users were logged in all data was being sent in unencrypted plaintext.

By using secure sockets layer (SSL) for encryption, Microsoft says that its Hotmail service now "offers advanced security safeguards" to protect users' email accounts. Aside from deploying HTTPS on its Hotmail service, Microsoft has also applied it on its Skydrive, Photos, Docs and Devices websites.

SSL encryption will not help curb the spread of malware through email nor will it have any effect on spam, but it should make it a lot harder for hackers to snoop on data transferred between Hotmail servers and users.

As this is Microsoft, there's a catch. The relative security of HTTPS won't be available for users of Outlook Hotmail Connector, Windows Live Mail or the Windows Live application for Windows Mobile 6.5 and Symbian.

But why did Microsoft take so long to deploy HTTPS throughout its Hotmail webmail software?

Google has been offering the option of SSL encryption on its Gmail service for years, so it's hardly pushing the boundaries of what's possible. Understandably, SSL does increase the CPU load on servers, however for over a decade the technology has been seen as absolutely critical in ensuring some semblance of user security. Many users look for the various padlock symbols for the reassurance of security on the web.

Microsoft's decision not to bother with HTTPS until now seems characteristic of the Vole's reactive attitude to security.

Nevertheless, with Microsoft it's best not to look a gift horse in the mouth, even if it is several years late. µ