The company is working to increase the supported password length

Sep 14, 2013 15:51 GMT

At this point, Microsoft account passwords are limited to a maximum of 16 characters, which is a bit weird given that so many security experts recommend picking long and complex passwords.

The Outlook.com team explained in an AMA session on Reddit that the 16-character limit reflects the way cybercriminals are now trying to break into users' accounts, with phishing and malware still the common techniques.

As a result, long passwords aren't quite a must-have, a member of the team explained.

“Please note our research has shown uniqueness is more important than length and (like all major account systems) we see criminals attempt to victimize our customers in various ways; however, while we agree that in general longer is better, we’ve found the vast majority of attacks are through phishing, malware infected machines and the reuse of passwords on third-party sites – none of which are helped by very long passwords,” the Outlook.com team explained.

“Sixteen characters has been the limit for years now. We will always prioritize the protection needs of users’ accounts and we will continue to monitor the new ways hijackers and spammers attempt to compromise accounts, and we design innovative features based on this. At this time, we encourage customers to frequently reset their Microsoft account passwords and use unique passwords that are different from other services.”

Even so, Microsoft is working to increase the maximum character limit for Outlook.com accounts, but no deadline has been provided. It did, however, mention that the change could take “longer” to get to the market.

“We are working on increasing the password length. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market.”