Microsoft is willing to give back to the public? I think that is the difference.

Same, I was so excited to see a JavaScript version of MineCraft. Thought it would be HTML5, and wonder how the memory and graphic would support it. However, it is more for automation or command line usage, using script command to create blocks.

Trying to imagine what would be communication like when you can communicate to the old lady driving slowly on the fast lane of the highway.

The Google Two Way Authentication is similar the the SMS solution that you mentioned.
As for HSBC 20 years ago (not Internet era yet, but using modem to call into their server), which generates a second password for your next session.

I agree with ATM card or physical key, since you are aware of these things being taken away.
However, password can be different. You never know MITM attack.

I really hate changing my password every 6 months (my company policy is every 30 days, 15 different passwords). And the only way to remember my password to start my workstation is to have a pattern (sigh, add a different number once in a while), which is not very secure, I believe.

How would you expect to `reset your password` for your email, while the validation process requires you login to your email account?
How do you envision to reset your password on Hotmail, while the requirement might be for you to login to get the reset password link?

Actually, its good to mention Google's two way authentication here as well.
I know HSBC or some other banks had been using similar way 20 years ago, and with better technologies, Google expands this with an app on Android phone (it works on my Android, never had an iPhone).

Yes, I assume they can sort by hashed password, and actually my question is how they ended up with "common password" if Hotmail encrypted the password. If there is a decrypt function, then I am curious how secure it is being hosted.

And I suppose they are here to study the pattern, which included related passwords, eg. 123456 qualify as linear f(x) = x, therefore 1234567 will also be categorized as the same thing for study, no?
If I am a hacker, I am interested in the pattern more than just common passwords, and for a security expert to counter hackers, would they be studying the pattern instead of general `common passwords`? Or provide suggestion on those pattern, instead of just some isolated password case?