Your IP: Unknown · Your Status: Unprotected Protected

Blog News

Microsoft Strengthens Encryption for Outlook and OneDrive

Jul 02, 2014 · 2 min read

Microsoft has announced on Tuesday about its implementation of stronger encryption standards for Web-based email and cloud service OneDrive.

Seems like Microsoft’s December promise is coming to fruition. It promised to encrypt customer data moving between the user and Microsoft and data moving between data centers would be encrypted by default. Microsoft has already started replacing weak encryption keys, updating the old ones with a minimum 2048-bit key lengths.

Microsoft picked email as a starting point for its encryption efforts, including worldwide partners such as Deutsche Telekom, Yandex and Mail.ru to help evaluate the viability of its encryption.

After more than six months, Microsoft has just now started using Transport Layer Security encryption (TLS) for its email services at Outlook.com, Hotmail.com, MSN.com and Live.com. This means it will be considerably harder spy on email originating from and being sent to a Microsoft account, as long as the connecting email service also uses TLS.

Matt Thomlinson stated that this is a start of a process aiming to strengthen encryption. He is the vice president of Microsoft’s Trustworthy Computing division.

Microsoft also has enabled Perfect Forward Secrecy encryption (PFS) for its cloud storage service OneDrive. The OneDrive service will now operate on the tougher PFS encryption standard, which preserves users confidentiality even when a third-party would try to eavesdrop on the network. Perfect Forward secrecy utilizes a different encryption key for every new connection, making it a lot more difficult for attackers to decrypt connections.

Finally, first transparency center has been opened by Microsoft at its headquarters in Redmond, where governments are invited to review Microsoft’s source code for key products to verify that no hidden backdoors have been added to the software. Microsoft has not yet published which of its products will be available for review.


Christina Craig
Christina Craig successVerified author

Christina is a community manager and the heart, the voice and the soul of NordVPN. She is always up for a conversation with our community of users and blog readers.


Subscribe to NordVPN blog