Allow for password length longer than 16 characters.
Jim Lloyd commented
How is 15 characters secure? One of my users has been using longer-than-15-character passwords, changing the characters after character 15. They were also using IE11, because that is the only one that worked. It worked because IE 11 truncates characters 16+... So, Office 365/Azure Exchange ignores the extra characters!
Please, please, please... Update this lack of security!
Allow longer passwords
Please Increase maximum password length to 64 characters.
Peter Janeczko commented
Allow longer password
John Pimentel commented
16 Characters should be the minimum length not the maximum... NIST calls for up to 64 characters. Please let's get with the program here.
Cory Johnson commented
Allow longer passwords please, new NIST guidelines allow up to 64 characters
I agree, maximum password length of 16 is not enough!
I agree. Please as soon as possible
Jim Lloyd commented
I agree. Not only should more than 16 be possible, but the minimum should be able to be raised above 8. As more user information leaves the internal space for cloud, higher entropic density is necessary to retain a level of security. The use of password managers to increase differentiation of passwords between multiple login locations is continually gaining in popularity. I will propose that raising both the minimum and maximum character occur, simultaneously.
Multi-factor authentication is not possible for me.
Also, having a higher minimum password length would be a good thing.
A minimum of 8 characters is really too few these days.
The same goes for the maximum length. With passphrases, the 16-character limit is quickly reached.
Sander H. commented
I usually create passwords in our local AD that are much longer than 16 characters (because Dutch is a weird language) and this arbitrary 16-character length restriction forces me to weaken our security, or force users to memorize different passwords.
A maximum password length requirement is really something that should be corrected as soon as possible.
David B commented
Consider deploying multi-factor authentication instead of extending password length
Someone Special commented
I'm pretty sure Office 365 / Exchange still uses the incredibly insecure md4 hashes which is why their 'wonderful' platform maxes out at 16 characters.
Robby De Laet commented
Size matters, in case of passwords. Please increase password length to at least 64 characters. Can't believe this issue has not been fixed yet. Can't be hard to increase the size of a field. If it is, it's probably due to bad programming habits.
Tonny Wildeman commented
The most probable reason something like this isn't implemented is that it impacts usability and backwards compatibility somewhere. Something like the reason why there is no Windows 9.
I saw another uservoice request about a password input field that won't allow longer password input fields.
But this is probably done by some junior who looked up the password restrictions of MS and implemented as such. Obviously an assumption fault. Funny thing is that I assume as well here :D
It would be nice to know why these restrictions are chosen by the Microsoft security team in the first place. I assume these are from old password security insights and guidelines. Which have been surpassed by newer insights and guidelines set by e.g. the NIST in another comment on this request.
Ergo, have administrators alter the password restrictions and requirements. An admin now has to jump through hoops, and use workarounds to update passwords that are restricted by the Microsoft password security business layer.
Please help us admins and security professionals.
Full ack... Please increase
Agree with other commenters, please increase length, very important.
Darren BL commented
Passwords for on-premises Active Directory accounts synchronized to Office 365 using DirSync are not bound by this restriction (longer than 16 characters works) but ironically the DirSync user account itself (which must be a cloud account) is limited to 16 characters?
This makes no sense and seems to me to be a security risk. Please change the maximum password length to be the same as in on-premises Active Directory.
Someone Special commented
NIST states that the minimum, maximum password length as of 2016 should be no less than 64 characters given current computational power. 16 characters is absolutely ridiculous and something to be ashamed of as it puts the security and privacy of users subjected to this project at risk.