« Microsoft account login page updated with Metro-style; Wave 5 M4 release imminent?Windows Phone 8 consumer features to be unveiled at Nokia World on September 5? »

Microsoft account to enforce stricter password controls

Jul 23, 2012 6:28 am by damaster | 7 comments

If you are one of the lucky ones, you may have seen the new Metro-style Microsoft account page when you visit http://account.live.com. Well the update doesn’t simply involve a new look, but it appears the update also bring some new features. One of these new features we have noticed is the enforcement of stricter password controls which has been updated from the previous minimum password length requirement of 6 characters. The new password requirement now requires the following:

Passwords must have at least 8 characters
Passwords must contain at least two of the following: uppercase letters, lowercase letters, numbers, and symbols
Password can’t contain the part of your email address that comes before the @ sign (existing requirement)

Microsoft only just posted a week ago about the security mechanisms that are in place to protect your Microsoft account. The strengthening of password requirements adds to the security mechanisms already in place, which can only be a good thing.

The new password requirements won’t be enforced unless you manually changes your password on the new Microsoft account page. However, if your password is considered “weak”, you may receive a prompt when you next log in to ask you to change to a stronger password.

You can check out this Microsoft Safety and Security Center article to see how you can create a strong password. Given the increasing usage of Microsoft account across various cloud-connected products, including but not limited to Windows 8, Office 2013, Windows Phone, SkyDrive, Hotmail, Xbox LIVE, and much more, it is probably best that you safeguard your Microsoft account as best as you could.

This entry was posted in News and tagged Microsoft account, Wave 5. Bookmark the permalink.

http://anothersoandso.tumblr.com/ Chris Barry
How about removing the “Password must be shorter than 16 characters” requirement? Please?
- http://www.facebook.com/profile.php?id=100000386235192 Iain Berryman
  Indeed!
- Windows 8 user
  ”
  Password length – We are working on increasing this. Unfortunately, for historical reasons, the password validation logic is decentralized across different products, so it’s a bigger change than it should be and takes longer to get to market. It’s also worth noting that the vast majority of compromised accounts are through malware and phishing. The small fraction of brute force is primarily common passwords like “123456″ not due to a lack of complexity.” – Eric Doerr�
  http://windowsteamblog.com/windows_live/b/windowslive/archive/2012/07/15/keeping-your-microsoft-account-more-secure.aspx
  - http://www.facebook.com/nate.bross Nate Bross
    That’s all fine and good, since most accounts are not brute forced, but it is a lot easier for me to remember: “Long Secure Password For Microsoft Account” than “LsPw4M$Account!!”
http://twitter.com/my1login my1login
It’s a step in the right direction, but 8 character minimum still isn’t enough. As you say Chris, 16 is far too few to have as a maximum as well.
RoxEroX
Well I am seeing more than that now, they won’t let me into my account unless I fork over my phone number or another email addy. It doesn’t matter if you have a secret question/answer set up. The last time I checked, you couldn’t create a Google blog without giving them a cell number to text your Goggle generated password. With landlines going by the wayside, telemarketers are going to eventually lobby for cell numbers. And that will chime big buck$ for Google and the likes, especially when they can also provide other info about you.
Andrew_ww
I have more than 8, 3 out of the 4 things it must contain, and of course not the third point. Sure came a long way from my very first ever password: andrew