Please increase the 16-character password limit for Windows Accounts

Overall I'm enjoying Windows 10 but I have a recommendation.

One of the new features of Windows 10 is that you can use your LIVE (Microsoft) account as the main account to log in to Windows locally and this will sync all your MS data across desktops. Handy, although you are forcibly switched over from a local account to the LIVE account as soon as you do something like, say, log in to your email with your Outlook credentials.

Not cool, Microsoft! When will you learn people (users) like to make their own choices? Win10 should ask before switching away from a local profile.

A more serious beef is with the account password for the Microsoft account. It is limited to 16 characters! These days, a 16-character password is basically crackable using brute-force methods. If your password is sufficiently random, it might take some time, but it can eventually be done using a powerful rig with multiple GPUs.

This is absurd. In an age when password security is rapidly becoming obsolete, the least you should do is increase the password limit to something over 30 characters. 64 might be a good limit for now.

As long as you are 'encouraging' all your new Win10 free upgrade users to use their LIVE account to log in, you should at least let them use password phrases (long strings), not silly outdated rules like mixing character types. Please reference this XKCD comic for more information.

Is there any word on when Microsoft is going to fix this glaring security hole? It is long past time to remove the 16-character limit. In fact -- they should require all passwords to be at least 16 characters long, but eliminate all of the other special character requirements since they do not help.



Last updated October 5, 2020