Ars Technica has an article over the background behind Hotmail and how it aquired the stigma it has since its purchase back in 1997 for $450 million. Over the years it served as a showcase for several types of failure, including the inability of Windows servers to work in production or to scale.
(Score: 3, Insightful) by DannyB on Tuesday January 02 2018, @07:07PM (4 children)
From TFA (on Ars Technica). . .
What in Valen's Name were they thinking? Did Microsoft not know about hash functions? And salts? The password could be of unlimited length, yet the storage would be fixed. Password strength requirements could still be tested before hashing. Or perhaps the Windows OS deliberately limited implementing smart ideas unless you purchased a more expensive version license?
Paid for by Americans for Renewable Complaining and Sustainable Whining.
The lower I set my standards the more accomplishments I have.
(Score: 3, Funny) by Rosco P. Coltrane on Tuesday January 02 2018, @07:15PM (1 child)
"password" and "abc123" don't require 16 characters.
(Score: 5, Funny) by DannyB on Tuesday January 02 2018, @07:58PM
At least you aren't suggesting 12345 which is reserved for presidents to use on their luggage.
The lower I set my standards the more accomplishments I have.
(Score: 2) by coolgopher on Tuesday January 02 2018, @10:13PM
Hotmail still has that limit, which by extension means Outlook.com also does, and that cascades onto the entire Microsoft Account (formerly "Live ID") so if you're using any MS cloudy service thingy, you're stuck in the dark ages with 16 characters. At some point I read that it was for compatibility with the old (well, ancient) Lan Manager, but IIRC that actually only did 14 characters.
If you're using a local Windows account however, you can have a 127 character password to log in with. If you don't care about the logging in aspect, you can go as high as 255 characters (unicode). Why the blazes those two numbers aren't the same beats me. Lazy coding or failed inter-departmental communication is my suspicion.
There were a lot of blogs on the topic when the 16 character limit was brought into the open back in 2012 [thenextweb.com], and things haven't moved since [thewindowsclub.com]. Yay Microsoft...
(Score: 1, Interesting) by Anonymous Coward on Tuesday January 02 2018, @10:37PM
Android still has a 16-character limit, and it is used for the encryption password as well.