Wednesday, August 01, 2012

microsoft online password length

Last month Microsoft released an app for SkyDrive; however, I couldn't log in because my password was longer than 16 characters. I contacted support and their response was:

"Would you please change your password to be 16 characters or fewer? That way will help you to sign-in on iOS device successfully." Link

I let it go for a while and put it down to app teething problems. This week, however, I noticed that when signing in to my Hotmail or Outlook (as it's now known), I was welcomed with this message:

"Microsoft account passwords can contain up to 16 characters. If you've been using a password that has more than 16 characters, enter the first 16."

I had a quick look on the official forums and found this response from a Microsoft employee:

"Windows Live ID passwords have always been limited to 16 characters. What has changed is the login page now gives you immediate feedback to ensure you understand your password is not more than 16 characters.
To avoid this error message, do not enter more than 16 characters.
We are working on increasing the maximum password length. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market." Link

This is also going to be a problem in Windows 8. So I tried to find an official policy from them on passwords and their length. On the official Microsoft Safety and Security Center, on a page titled: Create strong passwords, it clearly shows an example password 28 characters long: ComplekspasswordsRsafer2011.

So what I want to know is why Microsoft doesn't want us securing our accounts with strong passwords. I stopped password reuse as part of my New Year's resolution and now use KeePass (syncs with Dropbox/KyPass on iOS/KeePassDroid on Android) to save all my passwords under one strong master password. All my other passwords are 32 characters: upper, lower, digits and special characters.

Speaking of passwords, check out this awesome password tester, and nice master password generator.

TL;DR: Microsoft is limiting your password to 16 characters, and thus doesn't care about your online security. correct horse battery staple

Edit 2017-04-08: The link to Microsoft's Security Checker is broken as they seem to have taken it down. And if the password tester above is too complex for you, try this one.