Today I learned that the new password policy for Office 365 specifies an upper limit on password length.
Yes, that’s right folks, some special person decided that passwords for Office 365, and therefore Exchange Online, should be 8-16 characters in length. As for why, I have no idea.
Personally I think an upper limit on password length is retarded. I currently use a password scheme based on a short meaningful phrase which often results in passwords of over 16 characters.
According to my friend in our IT services team, this limitation is not in place for those people who are using ADFS, so I guess the takeaway here is that ADFS is good and, as far as Office 365 goes, you can be “too secure”.
Apparently, the length is due to Hotmail compatibility, per the Outlook.com password length limit (http://help.outlook.com/en-us/140/cc540536.aspx). It is unknown whether Microsoft is going to address this in their next Office 365 release in 2013, but the limit is absolutely stupid.