Today I learned that the new password policy for Office 365 specifies an upper limit on password length.
Yes, that’s right folks, some special person decided that passwords for Office 365, and therefore Exchange Online, should be 8-16 characters in length. As for why I have no idea.
Personally I think an upper limit on password length is retarded. I currently use a password scheme based on a short meaningful phrase which often results in passwords of over 16 characters.
According to my friend in our IT services team this limitation is not in place for those people who are using ADFS, so I guess the takeout here is ADFS is good, and as far as Office 365 goes, you can be “too secure”