Allow Long Passwords
the current max password is 16 chars, please make it larger
Longer is (Usually) Stronger section
source of current max length: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-policy
We now support up to 256 character passwords, including spaces. Please see Alex’s blog post for some more details:
My current Local AD password at my company is 30+ characters. I feel the limit on O365/Azure should be at least as long as one can do locally.
Igor A Duenas commented
16 chars is too short, increase to allow at least 20, going to 25 would be better.
Niclas Lindstedt commented
On the Swedish password reset page, it is not even stated that 16 characters is the maximum amount of characters. I figured this out after trying to enter a secure password for 15 minutes. When you RESET your password (by e-mail), it is stated that the maximum length is 16 characters.
It would be nice to know the reasons for this limitation. Are passwords stored as plain text strings at Microsoft? Since hashes are constant length no matter how long the password is, it seems strange to limit the length to 16 characters, since that is not enough for a strong password.
Modify the Change Password page maximum allowed characters length: https://account.activedirectory.windowsazure.com/changepassword.aspx
Currently the above Change Password page only allows for a max of 16 characters however, when a user's password expires, the update password page allows for more than 16 characters.