
Forum Thread: Microsoft Wants More than 16 Characters in Your Password

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
mogs Microsoft Wants More than 16 Characters in Your Password
Expert Contributor 14th Sep, 2013 19:49
Ranking: 2265
Posts: 6,266
User Since: 22nd Apr, 2009
System Score: 100%
Location: UK
Last edited on 14th Sep, 2013 19:51

September 14th, 2013, 15:48 GMT · By Bogdan Popa

At this point, Microsoft account users need to set up passwords with a maximum of 16 characters, which is a bit weird given the fact that so many security experts recommend everyone to pick long and complex passwords.

The Outlook.com team explained in an AMA session on Reddit that the reason behind the 16-character limit is pretty much based on the way cybercriminals are now trying to break into users' accounts, with phishing and malware still serving as the common techniques.

As a result, long passwords aren't quite a must-have, a member of the team explained.

“Please note our research has shown uniqueness is more important than length and (like all major account systems) we see criminals attempt to victimize our customers in various ways; however, while we agree that in general longer is better, we’ve found the vast majority of attacks are through phishing, malware infected machines and the reuse of passwords on third-party sites – none of which are helped by very long passwords,” the Outlook.com team explained.

“Sixteen characters has been the limit for years now. We will always prioritize the protection needs of users’ accounts and we will continue to monitor the new ways hijackers and spammers attempt to compromise accounts, and we design innovative features based on this. At this time, we encourage customers to frequently reset their Microsoft account passwords and use unique passwords that are different from other services.”

And still, Microsoft is currently working to increase the maximum character limit for Outlook.com accounts, but no deadline has been provided. It did, however, mention that it could take “longer” to get to the market.

“We are working on increasing the password length. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market.”

http://news.softpedia.com/news/Microsoft-Wants-Mor...

--

ddmarshall RE: Microsoft Wants More than 16 Characters in Your Password
Dedicated Contributor 15th Sep, 2013 11:31
Score: 1212
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
If you don't think sixteen characters is long enough and you have a mobile phone, you can use two factor authentication on your Microsoft Account.

http://blogs.technet.com/b/microsoft_blog/archive/...

--
This answer is provided “as-is.” You bear the risk of using it.
SOMARLIdR RE: Microsoft Wants More than 16 Characters in Your Password
Member 15th Sep, 2013 22:17
Score: 5
Posts: 3
User Since: 9th Sep 2013
System Score: N/A
Location: ES
on 15th Sep, 2013 11:31, ddmarshall wrote:
If you don't think sixteen characters is long enough and you have a mobile phone, you can use two factor authentication on your Microsoft Account.

http://blogs.technet.com/b/microsoft_blog/archive/...

I have been using 2 factor authentication for about a month and feel safer. Although I have read and watched several talks from various infosec and hack conferences where researchers show how to break 2 factor authentication with combined malware which is installed (using plenty of ways) on both desktop and mobile.

Anyway, I wonder what is the percentage of 14-16 character long passwords among all outlook.com users.
