
Not More Than 16 Characters?!?


Microsoft, you’re killing me. This is the warning I received when typing in a password for Office 365:

[Image: Not More Than 16 Characters]

I blinked when I saw the warning, “Your password can’t be longer than 16 characters.” I couldn’t believe that I had gotten that warning, so I erased what I had typed for a password and started typing 1, 2, 3, etc., to see if this warning did trip at 17 characters. It did. Why in the world is there a limitation on password length if you’re going to hash my password? And if you had to pick a limit, why 16 characters? Why not 50 or 100 or 255?

I’ll give Microsoft credit for password complexity requirements:

  • Require uppercase
  • Require lowercase
  • Require number
  • Require a special character from a select list

However, we know that password length tends to be more important, as long as you stay away from dictionary words. Therefore, if you’re building a system that takes passwords, don’t limit password length; use a secure hashing algorithm and store the hash.
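To make the point about hashing concrete, here is an added example (not code from this post or from Microsoft) that stores passwords with scrypt from Python's standard library. The choice of scrypt, its cost parameters and the `salt || hash` record layout are assumptions for illustration; the stored record is the same size whether the password is 8, 17 or 255 characters long.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example (not from the post).
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # memory ceiling passed to OpenSSL's scrypt
SALT_LEN = 16


def _scrypt(password: str, salt: bytes) -> bytes:
    # The whole password is fed to the KDF; nothing is truncated.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, maxmem=MAXMEM, dklen=DKLEN)


def hash_password(password: str) -> bytes:
    """Return salt || scrypt(password): always SALT_LEN + DKLEN bytes."""
    salt = os.urandom(SALT_LEN)
    return salt + _scrypt(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_scrypt(password, salt), expected)


def record_sizes(passwords):
    """Map each password's length to the size of its stored record."""
    return {len(pw): len(hash_password(pw)) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords of 8, 17 and 255 characters.
    samples = ["Tr0ub4d!", "a" * 16 + "b", "correct horse " * 18 + "123"]
    for length, size in record_sizes(samples).items():
        print(f"password length {length:3d} -> stored record {size} bytes")

    # The 17th character is part of the hash, so dropping it fails to verify.
    record = hash_password(samples[1])
    print("17 chars verify:", verify_password(samples[1], record))
    print("first 16 only  :", verify_password(samples[1][:16], record))
```
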
