This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them.

Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values.

However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

• Length. Make your passwords at least eight (8) characters long.

• Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.

• Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

This is the second of two blog posts on password protection. Read Part 1: Create strong passwords and protect them. Whether or not you should know all of your kids’ passwords depends on their age, how responsible they are, and your parenting values. However, kids of any age and responsibility level need to know how to create strong passwords and how to protect those passwords.

Sharing is great, but not with passwords

Your kids should never give their friends their passwords or let them log on to their accounts. Also, be careful sharing your passwords with your kids.

3 strategies for strong passwords

• Length. Make your passwords at least eight (8) characters long.
• Complexity. Include a combination of at least three (3) uppercase and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
• Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

For more information, see Help kids create and protect their passwords.

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

We’ve noticed comments from many of you asking why we want you to verify your Microsoft security information. We’d like to explain why verifying this information is important. To help protect your email account and your personal data, we ask everyone who has a Microsoft account to make sure that the security information associated with their account is correct and up to date. When your security information (like an alternate email address or phone number) is current, we can use it to verify your identity.

For example, if you forget your password or if someone else tries to take over your account, Microsoft uses your security details to help you get back into your account.

If you see a message asking you to update or verify your Microsoft account security information, you have seven days to do it. If you no longer have access to your security information, you will have to fill out a support request.

Get a quick overview of how to add security info to your account

A reader asks:

What can I do if my account has been hacked and I haven’t already added security information to it?

It would be easier to recover your account if you had already associated it with information that cybercriminals can’t easily access, like your mobile phone number or an alternate email address. For example, if your account is compromised, Microsoft could send you an account-recapture code in a text message to help you regain access to your account. If you do have access to your account, add security information to your account now.

If you haven’t already added security information to your account 

Scan your PC for viruses

 If your account has been hacked and you can’t get access to it, the first thing you should do is scan your computer for viruses. Do this before you try to change your password. Hackers get your password through malware that’s been installed on your PC without your knowledge (for example, when you download a new screen saver, toolbar, or other software from an untrustworthy source.) It’s important to clear your PC of viruses or malware before you change your password. That way, the hackers won’t get your new password.

If your computer is running Windows 8

Use the built-in Windows Defender to help you get rid of a virus or other malware.

Here’s how: 

1. From the Search charm, search for defender, and then open Windows Defender.

2. On the Home tab, choose a scan option, and then tap or click Scan now.

In addition to the color codes for your PC’s overall security status, Windows Defender applies an alert level to any suspected malware it detects. You can decide whether to remove an item entirely, research it further, or let it run because you recognize it.

 If your computer is running Windows 7 or Windows Vista 

• Run the Microsoft Safety Scanner. The scanner works with the antivirus software that you already have on your computer, regardless of whether the software is from Microsoft.

• Download Microsoft Security Essentials for free, and then use the software to run a scan of your computer. For more information, see Help protect your PC with Microsoft Security Essentials. (Note: Some viruses will prevent you from downloading Microsoft Security Essentials. If you can’t download the software, follow the instructions for using Windows Defender Offline.)

• Some malicious software can be difficult to remove. If your antivirus software detects malware but can’t remove it, follow these steps.

Get more help removing viruses

Reset your password

Once you’ve scanned your computer for viruses, reset the password on your account.

If you can’t reset your password, and you haven’t already added security information to your account, you can still get back into the account by filling out a questionnaire. You will be asked specific questions about the account and email messages that might be stored there. Someone will get back to you within 24 hours (typically a lot sooner).

For more information, see How to recover your hacked Microsoft account.

You can reduce your chances of being hacked by regularly changing the passwords on all the accounts where you enter financial or other sensitive information. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

Different sites have different rules for passwords that they’ll accept, but here is some basic guidance on how to create strong passwords:

• Length. Make your passwords at least eight (8) characters long.
• Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
• Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Learn more about how to create strong passwords and protect your passwords.

If you think someone has gone into your account and changed your password, learn how to recover a hacked account.

Tom asks:

I’m getting messages from Microsoft about my email account. The messages say that my account is blocked and I can only unblock it with a credit card number. Is this legit?

No, these messages sound like a phishing scam, a type of identity theft designed to steal your personal information, such as credit card numbers, passwords, account data, or other information. Never provide personal information in response to requests like this. In fact, it’s best not to respond at all. Instead, delete the email message and report it.

If you can’t access your email account, get information on how to recover your hacked account.

Learn how to help protect yourself from email and web scams

If you’ve been a victim of identity theft in the United States, report it right away to the U.S. Federal Trade Commission. 

A Microsoft account—formerly known as a Windows Live ID—is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

If you think your Microsoft account has been hacked, we recommend that you reset your password right away. To change your Outlook.com (formerly Hotmail) password, sign in to your Microsoft account, and then go to the Password section.

Your Microsoft account includes settings to help protect your privacy

• If you have added security information to your account and you have lost your password or your account is compromised, you can request an account-recapture code that Microsoft will send you in a text message or an alternate email address to help you regain access to your account. 

• If you receive an email message about the security of your Microsoft account, it could be a phishing scam. Don’t click links in any messages unless you trust or check with the sender. Instead, reset your password. Note: Microsoft does not send unsolicited communication that requests personal information. For more information, see Avoid scams that use the Microsoft name fraudulently

• Scammers can get into your email account by installing malicious software on your computer without your knowledge. Make sure you use antivirus software that updates automatically, such as Microsoft Security Essentials, which is available for computers that are running Windows 7, Windows Vista, or Windows XP. If you’re using Windows 8, you already have antivirus and antispyware protection called Windows Defender.

To learn how to adjust privacy settings in your Microsoft account, see Privacy and your Microsoft account.

Cassie writes:

I received an email from the Hotmail Maintenance Department requesting personal information verification. The message included a PDF file. Is this a scam?

Yes. This is one of many types of email cybercrime, also called phishing. Cybercriminals often use the Microsoft name to try to get you to share your personal information so that they can use it for identity theft. Delete the message—do not open it, and do not click any links or open any attachments.

The Hotmail Maintenance Department doesn’t exist—and if it did, the department wouldn’t send unsolicited email messages with attachments that asked for your personal information. Be suspicious of any email messages that appear to come from the Hotmail team; even though your email address still says “Hotmail,” the service is now called Outlook.com.

For more tips on spotting scam email messages, see How to recognize phishing email messages, links, or phone calls.

If you opened the PDF file, your computer might already be infected with malware that can be used to steal your personal information. Scan your computer with the Microsoft Safety Scanner to find out. The scanner will also help you remove any malicious software it finds.

Outlook.com (formerly Hotmail) is the newest version of free webmail from Microsoft. More than 60 million people have signed up for it since we released the beta version last summer.

Whether you make the transition from Hotmail to Outlook.com now or wait to be automatically upgraded, you can keep using your existing @hotmail.com, @live.com, or @msn.com address. Or you can get a new @outlook.com address. Get more answers to your general questions about why your Hotmail account was upgraded.

With Outlook.com, you’re in control of your data, and your personal conversations aren’t used for ads. We don’t scan your email content or attachments and we don’t sell this information to advertisers or any other company. You decide whether to connect your account to any social networks, and you’re in control of who you friend or follow.

Get more information about the security and privacy features of Outlook.com

If you use Outlook.com or Hotmail and think your account has been hacked, you should act right away to help protect your Microsoft account.

If you can still access your Microsoft account, sign in and immediately change your password. For Outlook.com, go to the Password and Security section; for Hotmail, go to the Account overview page in the Account security section.

If you can’t sign in, reset your password.

For more information, see How to recover your hacked Microsoft account.

If you use Outlook.com or Hotmail and think your account has been hacked, you should act right away to help protect your Microsoft account.

If you can still access your Microsoft account, sign in and immediately change your password. For Outlook.com, go to the Password and Security section; for Hotmail, go to the Account overview page in the Account security section.

If you can’t sign in, reset your password.

For more information, see How to recover your hacked Microsoft account.

Last week we answered a question about what to do if your Hotmail account is sending out spam. We mentioned resetting your password if you can’t sign in because your account has been blocked. One way you can unblock it is to respond to an email message sent by Microsoft to the secondary address you listed when you opened the account.

Many of you wrote in asking what to do if you no longer have access to that secondary email account. The answer: you will need to fill out a support request. (In fact, now would be a good time to make sure that your secondary address is correct.)

Even better, you can associate your Hotmail account with your mobile phone number or other information that hackers cannot easily access. For example, if you lose your password or your account is hacked, Hotmail sends you an account-recapture code in a text message to help you regain access.

You can also set up a “trusted PC”—associate your Hotmail account with one or more of your personal computers. If you need to reset your password to regain control of your account and you use a trusted PC, Hotmail will know you are the legitimate owner.

Laura writes:

My Hotmail email address has been hacked. Someone sent out a spam email to everyone in my address book. What do I do?

If it makes you feel any better, Laura, we get this question a lot. Here’s what to do right now:

• If you can still sign in to your account, change your password right away.
• If you can’t sign into your account, try to reset your password.

IMPORTANT: Make sure your new password isn’t one that you use on other accounts or websites. Also, create a password using eight or more characters that don’t form a word that can be found in the dictionary. Find more tips for creating strong passwords.

Should I let everyone know that I’ve been hacked?

Recently we’ve been asked whether we recommend that you send everyone in your contact list an email that warns them not to click on links in emails from you. This really is a personal choice. The most important thing to do is change your password right away.

Personally, we don’t think that an email to everyone in your contact list is necessary. Here’s why:

• It’s time consuming. Your email contact list could contain every person to whom you’ve ever sent a message from that address. Your email program probably won’t allow you to send one message to everyone in your contact list because it will view it as spam.
• We think most people probably already know that a message with a random link is usually spam—especially if it’s from someone who doesn’t contact them regularly. Chances are good that such people make up a majority of your contacts, so they might consider an email telling them what they already know as more spam.

However, if you know of anyone in your contact list who is less computer savvy, it couldn’t hurt to send them an email.

If you use the new Outlook.com free email service and you get spam email from someone, you can notify them and then, from the Mark as menu, click My friend’s been hacked to notify Outlook so we can minimize the damage as soon as possible. Learn more about the new Outlook.com.

What do you think?

Should victims of email hacking notify everyone in their contact list? Give us your opinion in the “Leave a Comment” section below. 

Outlook.com is Microsoft’s new free cloud email service for personal use. You can use Outlook.com with the Outlook desktop application, via the web at http://outlook.com, or via other email apps that support Exchange ActiveSync or POP3.

The new Outlook.com offers several security and privacy features, including:

• Limiting spam in your inbox to less than 3 percent of the items.
• Turning on the encryption feature (SSL) by default, which helps protect your account on wireless networks and public computers.
• Displaying trusted senders in your inbox.

For more information, see Introducing Outlook.com.

Want to keep up with the latest Outlook news? Follow @Outlook on Twitter.

John writes: 

I received an email that said that I won a prize from Microsoft and I am concerned that others may fall for this scam. Can’t anything be done about these types of scams?

The Microsoft Lottery scam is a fraudulent email that claims that you have won a lottery, a prize, a sweepstakes, or another kind of award. The goal of this phishing scam is to convince you to send money to claim your award or to turn over personal information.

Learn more about scams that use the Microsoft name fraudulently.

There is no Microsoft Lottery. If you receive an email like this, you can delete it or you can report it.

How to report an email scam

You can use Microsoft tools to report a suspected scam.

• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it toreportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

Spam and other email that you don’t want can clog up your inbox. Some spam can be fraudulent and can contain malicious software or links to malicious websites, but some email can just be annoying. Graymail is email that you signed up for, but you don’t want anymore.

If you use Hotmail, you can get rid of graymail and automate your inbox in just 60 seconds.

Get more information about graymail.

A reader named Karen asks:

“I received a message in my Hotmail inbox that said that I’d been hacked and I should change my password. How do I do this?”

If you think your Hotmail account has been hacked, go to the Reset your password page.

Karen didn’t say whether the message appeared to be from Microsoft or if it was from a friend who received an email from her that looked suspicious (a sign that your account might have been hacked.)

If you receive an email about the security of your account, this could be a scam. Don’t click links in any emails unless you trust the sender. Instead, reset your password.

Get more security tips for Hotmail and learn how to help protect yourself from email and web scams.

Spam filters for email programs are a little like the roof on a house. You wouldn’t want to live without one, but some are better than others.

Recent research from Cascade Insights showed that no email program they tested did better than Hotmail at filtering spam.

Get tricks for getting rid of spam, even if you don’t use Hotmail, and learn how to avoid other email and web scams.

You can also get more detailed information about SmartScreen, Microsoft’s spam-fighting technology, and go beyond the metrics in a detailed blog post by Dick Craddock, Hotmail Group Program Manager. 

If you think you’re a target of a phishing scam or other fraud in an email, Xbox instant message, or on a website, you can report it. Most Microsoft products have built-in tools that make this easier.

Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.

Xbox 360. If someone is trying to phish you in Xbox 360, bring up the player profile, select File Complaint, select File Complaint again, select Text and Voice Communication and then select Text message to file a complaint, where it will be reviewed by our Enforcement Team.

Internet Explorer. While you are on a suspicious site, click the gear icon () and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.

Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it toreportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.

Get more information about how to report and avoid fraud.