Microsoft Wants More than 16 Characters in Your Password

Discussion in 'other security issues & news' started by guest, Sep 14, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Source: hxxp://news.softpedia.com/news/Microsoft-Wants-More-than-16-Characters-in-Your-Password-383026.shtml

    ----------------------------------------------------

    A valid reason for them about the 16-character limit, but I still don't see any harm in having a longer limit for those who want to use longer passwords. If they allowed 30-character passwords, then I would probably go back to using Outlook.com again along with Gmail. :shifty:
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    If you have a smartphone, rather than waiting for longer passwords you can go for two-factor authentication.
    And don't think it's easy to crack a 16-character password, since after a number of wrong attempts the server will lock you out.
    So, it will take a looooooong time to guess your 16-character password.
     
    Last edited: Sep 14, 2013
  3. guest

    guest Guest

    I'm probably wrong, but we can still do that with just a feature phone, right?

    Yep, not easy at all. But 30-character passwords with uppercase, lowercase, numbers, and punctuation marks arranged in a random order are still harder to crack. I'm worried more about the service providers themselves, though.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Sure... by SMS with a standard mobile phone, and with a software token if you have a smartphone.

    Ah, ok, I understand.
     
  5. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Do the bad guys still try to crack passwords? What if they were able to hack into the cloud servers where a backup of someone's mobile device is kept? The backup stores the data and the WiFi password. Somehow the length of the pswd becomes moot if this were the case. Just asking.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    With an "if" scenario you can imagine whatever. In a more realistic scenario it all boils down to social engineering. Trick the user into installing malware (PC/mobile), trick the user into typing credentials (bank/token)... etc.
     
  7. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Google Gmail has a 56-character password, with uppercase, lowercase, numbers, and punctuation marks arranged in a random order. Why doesn't Microsoft do the same, and do it soon?

    Best regards,
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Why would they do it if it does not improve the security of the account? Security-wise, two-factor authentication is much better than a long password. You can buy a mobile phone for $10 out there if you don't have one :D
     
  9. guest

    guest Guest

    Yes though, but at least make the limit longer. Now waiting for fingerprint recognition and retina scan to be included. :D
     
    Last edited by a moderator: Sep 15, 2013
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Why would they need to do so? The length of the password will not improve your security.

    I think users tend to forget that it's not like a spy movie where you see the magic software running on hundreds of stellar servers trying billions of combinations in a nanosecond... you can't do that. The system will simply refuse the request after just a few tries and the account will be locked.

    So, a 56-character password for this specific case (Gmail, Hotmail, etc.) simply does not fit the purpose; hacking of e-mail accounts happens with malware stealing the credentials (even with 56 characters) and social engineering of the user or the provider :)
     
  11. guest

    guest Guest

    Hey, we can have overkill security setups, why couldn't we have overkill passwords? :p

    Unless it takes lots of money, I don't really see the need to limit it to only 16 at max. Well, Mr. Johnson can use a 16-character PW because he thinks it's enough, Mr. Smith can use only 8 characters because he doesn't want to be bothered with PW managers and prefers to keep it in his head only, Mr. Bow is kind of paranoid, so he uses a 47-character PW and doesn't store it anywhere else. Then everyone's happy with whatever length of characters is preferred by certain individuals.
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Because it does not improve your security and therefore is not given as an option. So you can't... rightly so.
    Luckily they offer you better methods to secure your account. Up to you to choose.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Certain hashing algorithms like bcrypt have a limit on the password length. Passwords are sometimes restricted for that reason.
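
The length limit mentioned in the post above, as an added example that is not part of the original thread: bcrypt uses at most 72 bytes of the password, so a service either caps the length (counted in bytes, not characters) or pre-hashes before bcrypt. The truncation is modelled here with a slice instead of a call to a bcrypt library; all function names and sample passwords are constructed for illustration.

```python
import base64
import hashlib

BCRYPT_MAX_BYTES = 72  # bcrypt uses at most 72 bytes of the password


def bcrypt_effective_input(password: str) -> bytes:
    """Model (assumption): the bytes bcrypt keys on when a library truncates."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def check_length(password: str) -> int:
    """Server-side cap: count UTF-8 bytes and reject anything bcrypt would drop."""
    n = len(password.encode("utf-8"))
    if n > BCRYPT_MAX_BYTES:
        raise ValueError(f"password is {n} bytes; bcrypt uses only {BCRYPT_MAX_BYTES}")
    return n


def prehash_for_bcrypt(password: str) -> bytes:
    """Alternative to a cap: SHA-256 then base64, so any length becomes
    44 ASCII bytes (under the limit, and free of NUL bytes)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


def collide_when_truncated(a: str, b: str) -> bool:
    """True if two different passwords would hash identically after truncation."""
    return a != b and bcrypt_effective_input(a) == bcrypt_effective_input(b)


# Constructed samples: identical first 72 bytes, different tails.
PW_A = "x" * 72 + "-correct-tail"
PW_B = "x" * 72 + "-wrong-tail"
# 40 characters but 80 UTF-8 bytes: over the limit although it looks short.
PW_ACCENTED = "\u00e9" * 40

if __name__ == "__main__":
    print("truncated collision:", collide_when_truncated(PW_A, PW_B))
    print("pre-hashed equal:   ", prehash_for_bcrypt(PW_A) == prehash_for_bcrypt(PW_B))
    print("pre-hash length:    ", len(prehash_for_bcrypt(PW_A)))
    try:
        check_length(PW_ACCENTED)
    except ValueError as exc:
        print("rejected:", exc)
```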
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Constructing a password with more entropy is more desirable than length.
     