Microsoft goes to great lengths to polish Azure Active Directory's password policies

Doubtless with an eye on the current furore surrounding security and authentication, Microsoft has tweaked its Azure Active Directory policies to allow, er, longer passwords.

The limitation has been a vexing one for administrators for some time, since User Principal Names (UPNs) could be up to 113 characters, but cloud users were only allowed a maximum of 16 characters in their password.

On-premises AD admins have been able to smugly point to policies that allow for far more typo potential, but cloud users? Well, ThisIsMyPassw0rd was about your lot as far as length was concerned (note - that is a terrible, terrible password and if you're nodding in recognition, set fire to all your accounts).

Good news, however, as Microsoft has upped the limit to 256 characters (including spaces) from today meaning admins can now really vex users unable to use password managers.

The UK's National Cyber Security Centre (NCSC) has a bunch of tips around password policy including not slapping a cap on password length and, well, perhaps finding a way of avoiding peppering an organisation with the things through Single Sign-on systems or adding some extra security via Multi-Factor authentication (MFA.)

Microsoft Azure has a chequered history with MFA. Last November the service fell over, staggered to its feet then fell over again, like an overenthusiastic tourist at the Munich Oktoberfest.

Really Redmond would like passwords to be a thing of the past. Users still insist on choosing easy-to-guess examples and to that end the company has been pushing the likes of Windows Hello (the firm has recently had its appearance in the upcoming May 2019 Update of Windows 10 FIDO2 certified). Azure AD users have also been able to go password-less thanks to the Microsoft Authenticator app. Assuming Azure MFA is actually working, of course.

However, for those still dependant on a password, being able to enter some extra characters is a good thing. After all, when it comes to passwords, size matters. ®

Software News

May 17
Also: Accidental explosion in TypeScript type-checking de-borked in version 3.5
May 17
Risky business: Azure cloud rains bills
May 16
Making that migration to Azure Database for PostgreSQL that little bit easier
May 16
It looks like you're trying to build a full-stack web app in Visual Studio Code. Would you like some help with that?
May 16
Interview.NET Framework? Mono? Xamarin? .NET Core? Blazor? Java interop?
May 16
Make your app answer all the easy questions, like, 'Where can I download Chrome?'
May 16
Microsoft has dumped a load of ML code for its search algorithm