Microsoft Azure has raised the character limit for passwords in Azure Active Directory (AD) from 16 to 256 characters. This makes it a lot harder to make brute force hacking attempts succeed.

“Many of you have reminded us that we still had a password limit of 16 characters for accounts created in Azure AD,” says Alex Simons of Microsoft, IT Pro writes. “Although our on premise Windows AD already allows longer passwords and passphrases, we previously did not support this for cloud user accounts in Azure AD.”

This is now changing with a much higher password limit. Passwords still have to meet at least three of the four essential criteria that Microsoft has set out in its policy. These are lower case, upper case, numbers and symbols. By the way, the minimum length of a password in Azure AD is still only eight characters.

Big difference

The website howsecureismypassword.net, which is used to check how long it takes to brutally force a password, states that there is a big difference between the power of an eight-character password and a 256-character password. An eight-character password with one capital letter and one number would be cracked in a month, IT Pro discovered.

A password of 137 characters would take 29,511,750,324 octogintillion years before it was cracked. Finally, IT Pro tried to get a password of 253 characters with the maximum number of capital letters allowed as a result. That turned out to be “forever. In other words, such a password could not be cracked by brute force.

Professor Bill Buchanan has also spoken previously about extremely secure passwords, using 128 bit AES keys. According to the professor, the energy needed to cook all the oceans on earth 16,384 times is required to break just one key.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.