By: Dan Goodin, Ars Technica
For years, Microsoft engineers have quietly limited Hotmail passwords to 16 characters, a revelation that has surprised and concerned some users who have long entered passcodes twice that long to access accounts.
One such user is Costin Raiu, the director of the global research and analysis team at antivirus provider Kaspersky Lab. On Friday he reported receiving a new error message when he entered the same 30-character passcode he long used on the Microsoft site. When he typed in the first 16 characters, as the error message directed him to do, he was able to access his account just fine. The change concerned Raiu, because it meant that for years his Hotmail account hadn't been as secure as he was led to believe.
"To pull off this trick with older passwords, Microsoft has two choices," he wrote. Choice one: "Store full plaintext passwords in their [database]; compare the first 16 [characters] only." Choice two: "Calculate the hash only on the first 16; ignore the rest."
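To make Raiu's second choice concrete, here is an added sketch (not Microsoft's code and not part of the article) of a login check that hashes only the first 16 characters, beside one that hashes the whole password. PBKDF2-SHA256, the salt size, the iteration count, the sample password and all function names are assumptions chosen for illustration; the article does not say how Hotmail stores passwords.

```python
import hashlib
import hmac
import os

MAX_LEN = 16         # the limit reported in the article
ITERATIONS = 50_000  # assumed work factor for this sketch


def _derive(material, salt):
    return hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"), salt, ITERATIONS)


def enroll(password, truncate):
    """Return (salt, hash). With truncate=True only the first MAX_LEN chars are hashed."""
    salt = os.urandom(16)
    material = password[:MAX_LEN] if truncate else password
    return salt, _derive(material, salt)


def verify(candidate, record, truncate):
    """Check a login attempt against a stored (salt, hash) record."""
    salt, stored = record
    material = candidate[:MAX_LEN] if truncate else candidate
    return hmac.compare_digest(_derive(material, salt), stored)


def silently_truncates(enroll_fn, verify_fn):
    """Self-test for your own auth code: enroll a long password, then see
    whether a different password sharing the first MAX_LEN chars is accepted."""
    prefix = "A" * MAX_LEN
    record = enroll_fn(prefix + "tail-one")
    return verify_fn(prefix + "a-different-tail", record)


if __name__ == "__main__":
    pw = "correct-horse-battery-staple-9"  # constructed 30-character sample
    rec_trunc = enroll(pw, truncate=True)
    rec_full = enroll(pw, truncate=False)
    # Truncating scheme: the 16-character prefix alone logs in.
    print("prefix accepted (truncating):", verify(pw[:MAX_LEN], rec_trunc, True))
    # Full-length scheme: the prefix is rejected.
    print("prefix accepted (full):      ", verify(pw[:MAX_LEN], rec_full, False))
```

In the truncating scheme the last 14 characters of a 30-character password add nothing: every string that shares the first 16 characters produces the same stored hash.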