+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
Cloud Services Thread, Ridiculous Password Requirements for Office 365 email in Technical; Is anyone else having a problem with this? The new password restrictions for Exchange Online are overly complicated. - Use ...
  1. #1
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 476 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98

    Ridiculous Password Requirements for Office 365 email

    Is anyone else having a problem with this? The new password restrictions for Exchange Online are overly complicated.

    - Use of uppercase letter
    - Use of number
    - Use of 8 characters long

    I mean come on, thats just over the top Anyone know a way of changing the requirements?

    At the moment I am resetting everyones password using the admin console which seems to allow 6 letter passwords. The younger kids just cant remember such complicated passwords.

  2. #2

    Join Date
    Aug 2009
    Posts
    289
    Thank Post
    21
    Thanked 22 Times in 19 Posts
    Rep Power
    14
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    7,055
    Thank Post
    232
    Thanked 923 Times in 792 Posts
    Rep Power
    308
    Quote Originally Posted by Blue_Cookeh View Post
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...
    my problem with secure passwords is that people just write them down on a bit of paper/diary so ive found them in real use less secure

  4. #4

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    575
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    47
    I feel this is the time for:

    password_strength.png

  5. #5

    Join Date
    Jun 2008
    Location
    Kensington, London
    Posts
    372
    Thank Post
    59
    Thanked 36 Times in 32 Posts
    Rep Power
    32
    Quote Originally Posted by Blue_Cookeh View Post
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...
    When resetting passwords you can choose whether to make the user change this on login

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,516
    Thank Post
    526
    Thanked 2,641 Times in 2,045 Posts
    Blog Entries
    24
    Rep Power
    923
    Quote Originally Posted by Willott View Post
    I feel this is the time for:

    password_strength.png
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.

  7. #7
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 476 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    I've had nearly 50 students come to me in the last few days who have forgotten their passwords. Last year I probably had less than 5.

    I enter in their password manually which can be 6 character passwords if you use the admin console.

  8. #8

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,680
    Thank Post
    49
    Thanked 482 Times in 349 Posts
    Rep Power
    143
    I dont think you can shorten the password but you can set it not to expire using powershell.

  9. #9

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,268
    Thank Post
    379
    Thanked 388 Times in 343 Posts
    Rep Power
    150
    Does the ADFS or whatever the AD synchronisation tool not restrict the user to having passwords without the complex policy? We currently use Live@Edu and are looking to move to Office 365 with the AD linked together, currently our passwords need to be longer than 6 characters to sync, but I may need to think twice over the migration if the complexity of the user passwords will need to change again.

  10. #10
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 476 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    Quote Originally Posted by localzuk View Post
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.
    As far as I know... there is no tool available to "dictionary attack" Office 365.

    I believe it locks your account after a certain number of password fails too.

    Its a classic case of making passwords so complicated, they become less secure because no one can remember them
    Last edited by zag; 11th September 2012 at 10:07 AM.

  11. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,342
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    When you bulk import users using a CSV, you could specify random 6 numbered passwords (this is how I do it), but do not force the user to change their password. Provide instructions giving them the option to do so.

    Just write a small excel formula to generate the random numbers.
    Last edited by Michael; 11th September 2012 at 10:17 AM.

  12. #12
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 476 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    Cool that's a really good idea! Hadn't thought of that.

    I have no problem with a random shorter password. I guess its the fact I was letting the kids choose their own password thats the problem.

    Thanks.

  13. #13

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    Quote Originally Posted by localzuk View Post
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.
    147000 words in a dictionary 147000 x 147000 x 147000 x 147000 and that is assuming you know how the password is put together! But the point is you don't know how someone has put their password together so to brute force you have to do by character.

    I use simple sentences "i like to eat cake on friday"

  14. #14

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    They are just enforcing the standard 2k8 domain password policy

    Rob

  15. #15

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    116
    Haven't looked at it's effect so don't know if it works, but the set-msoluser cmdlet has a StrongPasswordRequired switch in addition to the one I was setting to $true (PasswordNeverExpires).



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Office 365 for education A2 now free
    By apearce in forum Cloud Services
    Replies: 1
    Last Post: 16th March 2012, 12:19 PM
  2. Office 365 for education
    By teejay in forum Cloud Services
    Replies: 1
    Last Post: 13th February 2012, 05:32 PM
  3. Replies: 2
    Last Post: 5th February 2012, 02:32 PM
  4. One post required for posting Links and Email
    By primaryt in forum Comments and Suggestions
    Replies: 3
    Last Post: 25th February 2011, 12:54 PM
  5. Replies: 3
    Last Post: 20th October 2010, 10:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •