How many characters should have a password in order to be considered safe?
Office 365 limits the password lenght for users not synchronized with on-premise Active Directories to 16 characters. Can this considered to be safe?
Office 365 administrators need to be aware of the fact that the new Administrative Tools do not show a warning when a new user is created. When pasting an initial password into the textbox, no warning is displayed. But the password itself is already shortend to 16 characters automatically.
The summary page shows the shortend password after the new user has been created. The administrator needs to pay proper attention to the status summary to notice the shortend password.
When logging in for the first time the user experience is different. The user is notified that the password cannot exceed 16 characters.
Microsoft should rethink the limitiation of 16 characters to enhance the security level for user logon.