|mogs||Microsoft Wants More than 16 Characters in Your Password|
|14th Sep, 2013 19:49|
Last edited on 14th Sep, 2013 19:51
September 14th, 2013, 15:48 GMT · By Bogdan Popa
At this point, Microsoft account users need to set up passwords with a maximum of 16 characters, which is a bit weird given the fact that so many security experts recommend everyone to pick long and complex passwords.
The Outlook.com team explained in an AMA session on Reddit that the reason behind the 16-character limit is pretty much based on the way cybercriminals are now trying to break into users' accounts, with phishing and malware still serving as the common techniques.
As a result, long passwords aren't quite a must-have, a member of the team explained.
“Please note our research has shown uniqueness is more important than length and (like all major account systems) we see criminals attempt to victimize our customers in various ways; however, while we agree that in general longer is better, we’ve found the vast majority of attacks are through phishing, malware infected machines and the reuse of passwords on third-party sites – none of which are helped by very long passwords,” the Outlook.com team explained.
“Sixteen characters has been the limit for years now. We will always prioritize the protection needs of users’ accounts and we will continue to monitor the new ways hijackers and spammers attempt to compromise accounts, and we design innovative features based on this. At this time, we encourage customers to frequently reset their Microsoft account passwords and use unique passwords that are different from other services.”
And still, Microsoft is currently working to increase the maximum character limit for Outlook.com accounts, but no deadline has been provided. It did, however, mention that it could take “longer” to get to the market.
“We are working on increasing the password length. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market.”
|ddmarshall||RE: Microsoft Wants More than 16 Characters in Your Password|
|15th Sep, 2013 11:31|
If you don't think sixteen characters is long enough and you have a mobile phone, you can use two factor authentication on your Microsoft Account.
This answer is provided “as-is.” You bear the risk of using it.
|SOMARLIdR||RE: Microsoft Wants More than 16 Characters in Your Password|
|15th Sep, 2013 22:17|
on 15th Sep, 2013 11:31, ddmarshall wrote:
If you don't think sixteen characters is long enough and you have a mobile phone, you can use two factor authentication on your Microsoft Account.
I have been using 2 factor authentication for about a month and feel safer. Although I have read and watched several talks from various infosec and hack conferences where researchers show how to break 2 factor authentication with combined malware which is installed (using plenty of ways) on both desktop and mobile.
Anyway, I wonder what the percentage of 14-16 character long passwords is among all outlook.com users.