

Microsoft account passwords can contain up to 16 characters. - jneal

http://i.imgur.com/yJfhAqY.png

I tried to log in to my Microsoft account today from my mobile phone. My password is longer than 16 characters and I received this error. It's worked in the past, but not now.

This worries me, how could entering the first 16 characters work? Wouldn't that mean the password is stored unencrypted? Besides that, why the heck are they limiting to only 16 characters? Seems like a bad security policy IMO.
======
electrichead
Yeah, their password policy is silly, especially for Office 365 accounts. They
don't allow space characters either; it's like nobody there reads xkcd, let
alone any modern recommendations. I suppose they rely on their lockout
verification policies, like a lot of banks (your bank password is likely not
case sensitive, as an example).

------
dfc
Why would you think it is stored in plain text? I imagine they were probably
only using the first 16 characters and silently discarding the rest.

~~~
spydum
My employer migrated to MS hosted exchange, so I am also experiencing this. I
think at the time I had a 20+ char password, and it never complained. For some
reason though, they have changed their UIs now on things like live login
pages, and it is HERE that you can't supply your full password anymore. I had
to reset my password to be 16 chars to be able to use the web interface. The
back end was working just fine with 20+.

~~~
dfc
Did you ever try only the first 19 or 18 or 17 or 16 of your 20+ password in
the past? Just because they are alerting you to something now does not mean
that in the past they did not silently ignore any chars past 16.
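
Added example, not part of the thread and not Microsoft's code: a hypothetical back end that truncates to 16 characters before a salted hash, which shows how the first 16 characters can log in without any plaintext being stored, plus the prefix test dfc describes for checking your own password. `TruncatingStore`, `effective_length`, the PBKDF2 parameters and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_LEN = 16  # the limit discussed in the thread


def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


class TruncatingStore:
    """Hypothetical back end that silently keeps only the first N characters."""

    def __init__(self, truncate_at=MAX_LEN):
        self.truncate_at = truncate_at  # None means "hash the full password"
        self.salt = b""
        self.digest = b""

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        # Only a digest of the truncated password is kept, never the plaintext.
        self.digest = _kdf(password[: self.truncate_at], self.salt)

    def verify(self, attempt: str) -> bool:
        candidate = _kdf(attempt[: self.truncate_at], self.salt)
        return hmac.compare_digest(candidate, self.digest)


def effective_length(store, password: str) -> int:
    """Shortest prefix of your own password that is still accepted.

    A result smaller than len(password) means trailing characters are ignored.
    """
    n = len(password)
    while n > 0 and store.verify(password[: n - 1]):
        n -= 1
    return n


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample, 28 characters
    store = TruncatingStore()
    store.set_password(pw)
    print("first 16 chars accepted:", store.verify(pw[:16]))
    print("effective length:", effective_length(store, pw), "of", len(pw))
```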

