'Uncrackable' passwords introduced to Microsoft Azure

Responding to community feedback, Microsoft has raised the character limit of its passwords for Azure AD


Microsoft Azure has increased the character limit for passwords in Azure Active Directory from 16 to a massive 256 characters, making brute-force attacks much more difficult.

The limit has been a hot topic among Azure customers, who have repeatedly told Microsoft that 16 characters was too short.

"Many of you have been reminding us that we still have a 16-character password limit for accounts created in Azure AD," said Microsoft's Alex Simons. "While our on-premises Windows AD allows longer passwords and passphrases, we previously didn't have support for this for cloud user accounts in Azure AD."

"Today, I am pleased to announce that we have changed this limit, allowing you to set a password with up to 256 characters, including spaces," he added.


Passwords must still meet three out of the four essential criteria set out in Microsoft's policy documentation:

  • Lowercase characters
  • Uppercase characters
  • Numbers (0-9)
  • Symbols (@ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;)

While account and password security are of paramount importance to IT users, Microsoft still won't force you to create an iron-clad password, keeping the minimum length at a mere eight characters.

The difference between an eight-character password and a 256-character one is huge, according to howsecureismypassword.net, a website used to check how long it would take to brute force a password.

We took three different passwords of varying lengths to see how long it would take to crack each of them. First up is 'Jazzily1', the minimum character requirement that adheres to three of Azure's four essential criteria. This would take just one month to crack, according to the website.

A middle-ground, 137-character password would take 29,511,750,324 octogintillion years (quite a lot) to crack, and the 253-character password we used at the upper limit of Azure's allowance would take 'forever'.
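As an added illustration (not code from Microsoft or from this article), the Python sketch below checks a password against the 8-to-256-character limits and the three-of-four rule described above, and computes an idealised brute-force search space in bits. The function names and the assumption that characters are chosen uniformly at random are this example's own.

```python
import math
import string

# Symbol set as listed in the article's policy bullet. Spaces are allowed
# in passwords but do not count toward any of the four categories here.
SYMBOLS = set("@#$%^&*-_!+=[]{}|\\:',.?/`~\"();")
MIN_LEN, MAX_LEN = 8, 256  # limits stated in the article


def categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in SYMBOLS:
            found.add("symbol")
    return found


def meets_policy(password):
    """Length within 8..256 and at least three of the four categories."""
    return MIN_LEN <= len(password) <= MAX_LEN and len(categories(password)) >= 3


POOL = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(SYMBOLS)}


def search_space_bits(password):
    """Idealised brute-force search space: length * log2(pool size).

    Assumption of this example: every character is drawn uniformly at
    random from the categories in use. Dictionary words score far lower
    against a real guessing attack.
    """
    pool = sum(POOL[c] for c in categories(password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ["Jazzily1", "jazzily1", "correct horse battery staple Azure 2019!"]:
        print(f"{len(pw):3d} chars  policy={meets_policy(pw)}  "
              f"~{search_space_bits(pw):.0f} bits")
```

Each added character contributes the same number of bits, which is why the longer limit matters far more than the choice of character categories.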


Another way to look at hyper-secure passwords is Professor Bill Buchanan's take on 128-bit AES keys. He said that cracking a single key would take the energy required to boil every one of Earth's oceans 16,384 times.

In related news, Microsoft recently gained FIDO certification for its Windows 10 authenticator, Windows Hello, in the upcoming May 2019 upgrade, seemingly an embryonic first step towards a passwordless Windows.

Windows Hello will use facial recognition, fingerprint scanning and a secure PIN on more than 800 million Windows 10 devices starting next month - a service with cross-compatibility with other Microsoft services such as Office 365, OneDrive and more.

"Our work with FIDO Alliance, W3C and contributions to FIDO2 standards have been a critical piece of Microsoft's commitment to a world without passwords," said principal group program manager with Microsoft Yogesh Mehta.


"No one likes passwords (except hackers)," he added. "People don't like passwords because we have to remember them. As a result, we often create passwords that are easy to guess - which makes them the first target for hackers trying to access your computer or network at work."

In the same May update, Microsoft will also stop enforcing its password expiration policies, which prompt users to change their passwords every few months.


The company's logic is that users who must change passwords frequently will be more inclined to make only small changes or even start writing them down, a big security no-no.
