Allow passwords longer than 16 characters, particularly for Global Admin and service accounts
Office 365 should allow passwords longer than 16 characters, particularly for Global Admin and service accounts, such as the one used by DirSync. Service account passwords should be long enough so that they can be entered without being remembered. Also, sometimes a Global Admin needs to log on in front of a user. A longer password would ensure that the user has less of a chance of remembering the password.
Looks like ticket https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/16436995-password-length links through to https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/20461909-allow-long-passwords where they state that custom password complexity rules are in beta.
The 90's called and they want their archaic password limitations back. My Linux environments have better password security than what Microsoft offers!
Microsoft is doing one of two things.
1. Encrypting passwords so they can be retrieved by the Admin or Five Eyes (Government programs just like PRISM which Microsoft is/was part of).
2. Hashing algorithm is old and insecure.
All I can say is Microsoft lacks quality security. And any data breach will easily produce raw passwords in a very quick manner.
Scott Turner commented
What kind of idiot puts a length restriction on something that gets hashed as one item?
Welcome hackers, you don't have to try any combinations other than between 8 and 16 characters.
I know that there isn't a technological challenge to more than 16 characters even for Microsoft. Windows allows more.
I concur with Victor S. Ironically, it is often easier to remember long pass phrases that one is comfortable with than short, artificially-contrived ones that you have to write down.