{"id":38928,"date":"2019-05-17T10:29:02","date_gmt":"2019-05-17T10:29:02","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=3a3e1c126af1ae61f5c100fe2563ed0f"},"modified":"2019-05-17T10:29:02","modified_gmt":"2019-05-17T10:29:02","slug":"uncrackable-passwords-introduced-to-microsoft-azure","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/uncrackable-passwords-introduced-to-microsoft-azure\/","title":{"rendered":"Uncrackable passwords introduced to Microsoft Azure"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/connor-jones\">Connor Jones<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">17 May, 2019<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p> Microsoft Azure has increased the character limit for passwords in Azure Active Directory from 16 to a massive 256 characters, making brute force hack attempts much more difficult.<\/p>\n<p>It seems to be a hot topic for Azure customers <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Azure-Active-Directory-Identity\/Removal-of-the-16-character-limit-for-passwords-in-Azure-AD\/ba-p\/565275\" >who have been reminding Microsoft<\/a> of its seemingly unsatisfactorily small limit for passwords.<\/p>\n<p>&#8220;Many of you have been reminding us that we still have a 16-character password limit for accounts created in Azure AD,&#8221; said Microsoft&#8217;s Alex Simons. 
&#8220;While our on-premises Windows AD allows longer passwords and passphrases, we previously didn&#8217;t have support for this for cloud user accounts in Azure AD.&#8221;<\/p>\n<p>&#8220;Today, I am pleased to announce that we have changed this limit, allowing you to set a password with up to 256 characters, including spaces,&#8221; he added.<\/p>\n<p>Passwords must still meet three out of the four essential criteria as set out in Microsoft&#8217;s <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts\" >policy documentation<\/a>.<\/p>\n<ul>\n<li>Lowercase characters<\/li>\n<li>Uppercase characters<\/li>\n<li>Numbers (0-9)<\/li>\n<li>Symbols (@ # $ % ^ &amp; * - _ ! + = [ ] { } | \\ : ' , . ? \/ ` ~ &quot; ( ) ;)<\/li>\n<\/ul>\n<p>While account and password security are of paramount importance to IT users, Microsoft still won&#8217;t force you to create an <a href=\"https:\/\/www.cloudpro.co.uk\/it-infrastructure\/security\/7729\/how-to-check-if-your-passwords-have-been-stolen\" >iron-clad password<\/a>, keeping the minimum allowance at just a mere eight characters.<\/p>\n<p>The difference between an eight-character password and a 256-character one is huge, according to <em>howsecureismypassword.net,<\/em>\u00a0a website used to check how long it would take to brute force a password.<\/p>\n<p>We took three different passwords of varying lengths to see how long it would take to crack each of them. First up is &#8216;Jazzily1&#8217;, the minimum character requirement that adheres to three of Azure&#8217;s four essential criteria. 
This would take just one month to crack, according to the website.<\/p>\n<p>A middle ground 137-character password would take 29,511,750,324 octogintillion years (quite a lot) to crack, and the 253-character password we used at the upper limit of Azure&#8217;s allowance would take &#8216;forever&#8217;.<\/p>\n<p>Another way to look at hyper-secure passwords is Professor Bill Buchanan&#8217;s take on things regarding 128-bit AES keys. He said that in order to break one of these, it would take the energy required to boil <a href=\"https:\/\/medium.com\/@billatnapier\/boiling-every-ocean-on-the-planet-16-384-times-to-crack-a-single-key-a371fff425b3\" >every single one of Earth&#8217;s oceans 16,384 times<\/a> just to crack a single key.<\/p>\n<p>In related news, Microsoft recently gained FIDO certification for its <a href=\"https:\/\/www.itpro.co.uk\/microsoft-windows\/33595\/windows-10-gains-fido-certification-for-biometric-logins\" >Windows 10 authenticator Windows Hello<\/a> in the upcoming May 2019 upgrade, seemingly in an embryonic first step towards a passwordless Windows.<\/p>\n<p>Windows Hello will use <a href=\"https:\/\/www.cloudpro.co.uk\/it-infrastructure\/security\/7467\/citrix-wants-users-to-log-in-using-facial-recognition\" >facial recognition<\/a>, fingerprint scanning and a secure PIN number for more than 800 million Windows 10 devices starting next month &#8211; a service with cross-compatibility with other Microsoft services such as Office 365, OneDrive and more.<\/p>\n<p>&#8220;Our work with FIDO Alliance, W3C and contributions to FIDO2 standards have been a critical piece of Microsoft&#8217;s commitment to a world without passwords,&#8221; said principal group program manager with Microsoft Yogesh Mehta.<\/p>\n<p>&#8220;No one likes passwords (except hackers),&#8221; he added. &#8220;People don&#8217;t like passwords because we have to remember them. 
As a result, we often create passwords that are easy to guess &#8211; which makes them the first target for hackers trying to access your computer or network at work.&#8221;<\/p>\n<p>In the same May update, Microsoft will also <a href=\"https:\/\/www.itpro.co.uk\/security\/33522\/microsoft-says-expiring-passwords-are-no-longer-secure\" >stop enforcing its password expiration policies<\/a> which prompt users to change their passwords every few months.<\/p>\n<p>The company&#8217;s logic behind this came from the idea that if users are frequently changing passwords, they will be more inclined to just make small changes or even start writing them down; a big security no-no. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Connor Jones<\/p>\n<p>        17 May, 2019    <\/p>\n<p>       Microsoft Azure has increased the character limit for passwords in Azure Active Directory from 16 to a massive 256 characters, making brute force hack attempts much more difficult.<br \/>\nIt seems to 
&#8230;<\/p>\n","protected":false},"author":507,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-38928","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/38928","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/507"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=38928"}],"version-history":[{"count":2,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/38928\/revisions"}],"predecessor-version":[{"id":38936,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/38928\/revisions\/38936"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=38928"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=38928"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=38928"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}