Microsoft Tech Community Live:  Microsoft Teams Edition
November 09, 2021, 08:00 AM - 12:00 PM (PST)

Maximum password size is arbitarily small

%3CLINGO-SUB%20id%3D%22lingo-sub-2066000%22%20slang%3D%22en-US%22%3EMaximum%20password%20size%20is%20arbitarily%20small%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2066000%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20someone%20who%20uses%20a%20password%20manager%20and%20recently%20signed%20up%20for%20a%20teams%20account%20I%20was%20frustrated%20that%20the%20generated%20password%20from%20my%20password%20manager%20was%20%22too%20long%22.%26nbsp%3B%20How%20is%20this%20a%20thing%3F%26nbsp%3B%20I've%20never%20had%20a%20website%20reject%20a%20password%20for%20being%20too%20long.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20could%20understand%20a%20limit%20on%20passwords%20over%201000%20characters%20or%20something%20to%20avoid%20a%20dos%20attack%20on%20the%20hashing%20function.%26nbsp%3B%20The%20default%20configuration%20of%20my%20password%20manager%20generates%2025%20character%20passwords.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20teams%20is%20going%20to%20be%20accepted%20as%20a%20modern%20communication%20tool%20it%20shouldn't%20have%20absurd%20password%20restrictions.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20couldn't%20find%20a%20better%20place%20to%20report%20this%20bug.%26nbsp%3B%20Please%20let%20me%20know%20if%20it%20is%20out%20of%20place%20here%20and%20should%20be%20posted%20somewhere%20else.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2066000%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EUser%20Interface%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2067059%22%20slang%3D%22en-US%22%3ERe%3A%20Maximum%20password%20size%20is%20arbitarily%20small%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2067059%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F931110%22%20target%3D%22_blank%22%3E%40tyler-picknik%3C%2FA%3E%26nbsp%3BIf%20you%20use%20the%20payed%20version%20of%20Teams%20you%20will%20use%20Azure%20Active%20Directory%20for%20your%20accounts%20and%20then%20the%20maximum%20length%20is%20256%20characters.%26nbsp%3B%20I%20Teams%20free%20you%20use%20a%20Microsoft%20Account%20to%20sign%20in%20(same%20as%20Outlook.com)%20and%20then%20the%20limit%20is%2016%26nbsp%3Bcharacters.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.thewindowsclub.com%2Fmaximum-length-of-password-windows-10%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EWhat%20is%20the%20maximum%20length%20of%20password%20in%20Windows%2010%3F%20(thewindowsclub.com)%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EInstead%20of%20having%20a%20long%20password%20Microsoft%20recommends%20to%20have%20a%20complex%20password%20together%20with%20MFA%20for%20Microsoft%20Accounts.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Faccount-billing%2Fhow-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHow%20to%20use%20two-step%20verification%20with%20your%20Microsoft%20account%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

As someone who uses a password manager and recently signed up for a teams account I was frustrated that the generated password from my password manager was "too long".  How is this a thing?  I've never had a website reject a password for being too long. 

 

I could understand a limit on passwords over 1000 characters or something to avoid a dos attack on the hashing function.  The default configuration of my password manager generates 25 character passwords.

 

If teams is going to be accepted as a modern communication tool it shouldn't have absurd password restrictions. 

 

I couldn't find a better place to report this bug.  Please let me know if it is out of place here and should be posted somewhere else.

2 Replies

@tyler-picknik If you use the payed version of Teams you will use Azure Active Directory for your accounts and then the maximum length is 256 characters.  I Teams free you use a Microsoft Account to sign in (same as Outlook.com) and then the limit is 16 characters.

 

What is the maximum length of password in Windows 10? (thewindowsclub.com)

 

Instead of having a long password Microsoft recommends to have a complex password together with MFA for Microsoft Accounts.

How to use two-step verification with your Microsoft account