Secondo un articolo recente di TNW :
Microsoft doesn’t like long passwords. In fact, the software giant not only won’t let you use a really long one in Hotmail, but the company recently started prompting users to only enter the first 16 characters of their password.
Questa pratica sembra controproducente.
Avrebbero preso questa decisione sulla base di una limitazione o di un comportamento particolare del loro algoritmo di hashing?
Ragioni puramente legacy. Stanno lavorando per aumentarlo.
Da: link (vedere il commento di Eric Doerr in risposta a @MondayBlues):
Password length - We are working on increasing this. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it's a bigger change than it should be and takes longer to get to market. It's also worth noting that the vast majority of compromised accounts are through malware and phishing. The small fraction of brute force is primarily common passwords like "123456" not due to a lack of complexity.
Leggi altre domande sui tag passwords