Home

How are O365 passwords stored on servers and why are they limited to 16 characters ?

Highlighted
Pierre Kremer
Occasional Visitor

Hello !

 

I am wondering how are O365 passwords stored on servers.


I guess they are SHA-2 hashed and then salted ... but then why are we limited to 16 characters ? I do not see any reason for that. Seriously.

 

Moreover, this low limit is not really part of the best practices ...

1 Reply

That limit only applies to cloud-created accounts, and it will soon be lifted afaik. In any case, the industry is moving into a direction where passwords are things of the past, and we get more and more stuff around MFA and passwordless auth.

Related Conversations
Urgent - Teams and Yealink
reditguy in Microsoft Teams on
4 Replies
Restoring deleted "Files" folder
Daniel Carp in Microsoft Teams on
15 Replies
Quarantine Digest
Jerry Gonzalez in Microsoft 365 on
2 Replies
O365 Multi-Geo & Multi Tenant
Yatin Ramnath Naik in Office 365 on
1 Replies