I understand why a well-established service such as Microsoft's Hotmail (or Outlook) would prevent passwords that are too short, but why limit password length on the opposite side?
I am switching management of my passwords to a password manager that I set up to generate random passwords 18 characters long with all the possible special symbols. As an example:
That is a good process, because by changing your old passwords you learn about all the security holes in your previously used services.
So when I was changing my Hotmail account password I got this message:
Your password can't be longer than 16 characters.
What a dumb statement! Are they using something like DES encryption or a similar broken block cipher? Can someone explain this limitation to me?