cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How are O365 passwords stored on servers and why are they limited to 16 characters ?

Pierre Kremer
Copper Contributor

‎May 14 2018 02:42 AM

‎May 14 2018 02:42 AM

How are O365 passwords stored on servers and why are they limited to 16 characters ?

Hello !

 

I am wondering how are O365 passwords stored on servers.


I guess they are SHA-2 hashed and then salted ... but then why are we limited to 16 characters ? I do not see any reason for that. Seriously.

 

Moreover, this low limit is not really part of the best practices ...

Labels:
675 Views
0 Likes
1 Reply
Reply
1 Reply
Vasil Michev

‎May 14 2018 10:26 AM

‎May 14 2018 10:26 AM

Re: How are O365 passwords stored on servers and why are they limited to 16 characters ?

That limit only applies to cloud-created accounts, and it will soon be lifted afaik. In any case, the industry is moving into a direction where passwords are things of the past, and we get more and more stuff around MFA and passwordless auth.

0 Likes
Reply