+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
Cloud Services Thread, Ridiculous Password Requirements for Office 365 email in Technical; Is anyone else having a problem with this? The new password restrictions for Exchange Online are overly complicated. - Use ...
  1. #1
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,765
    Thank Post
    898
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    87

    Ridiculous Password Requirements for Office 365 email

    Is anyone else having a problem with this? The new password restrictions for Exchange Online are overly complicated.

    - Use of uppercase letter
    - Use of number
    - Use of 8 characters long

    I mean come on, thats just over the top Anyone know a way of changing the requirements?

    At the moment I am resetting everyones password using the admin console which seems to allow 6 letter passwords. The younger kids just cant remember such complicated passwords.

  2. #2

    Join Date
    Aug 2009
    Posts
    261
    Thank Post
    19
    Thanked 19 Times in 17 Posts
    Rep Power
    14
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,588
    Thank Post
    228
    Thanked 856 Times in 735 Posts
    Rep Power
    296
    Quote Originally Posted by Blue_Cookeh View Post
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...
    my problem with secure passwords is that people just write them down on a bit of paper/diary so ive found them in real use less secure

  4. #4

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    574
    Thank Post
    38
    Thanked 115 Times in 105 Posts
    Rep Power
    46
    I feel this is the time for:

    password_strength.png

  5. #5

    Join Date
    Jun 2008
    Location
    Kensington, London
    Posts
    372
    Thank Post
    59
    Thanked 36 Times in 32 Posts
    Rep Power
    31
    Quote Originally Posted by Blue_Cookeh View Post
    As far as I know, no. This was introduced with the Live@Edu > Office365 for Education migration. How are you resetting their passwords and keeping them? I thought that as soon as the user logged in with the reset password it asked them to change it?

    I don't see it as a bad thing to be honest and actually set our security policy to this for staff...
    When resetting passwords you can choose whether to make the user change this on login

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832
    Quote Originally Posted by Willott View Post
    I feel this is the time for:

    password_strength.png
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.

  7. #7
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,765
    Thank Post
    898
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    87
    I've had nearly 50 students come to me in the last few days who have forgotten their passwords. Last year I probably had less than 5.

    I enter in their password manually which can be 6 character passwords if you use the admin console.

  8. #8

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,625
    Thank Post
    49
    Thanked 460 Times in 336 Posts
    Rep Power
    140
    I dont think you can shorten the password but you can set it not to expire using powershell.

  9. #9

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,206
    Thank Post
    372
    Thanked 377 Times in 335 Posts
    Rep Power
    148
    Does the ADFS or whatever the AD synchronisation tool not restrict the user to having passwords without the complex policy? We currently use Live@Edu and are looking to move to Office 365 with the AD linked together, currently our passwords need to be longer than 6 characters to sync, but I may need to think twice over the migration if the complexity of the user passwords will need to change again.

  10. #10
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,765
    Thank Post
    898
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    87
    Quote Originally Posted by localzuk View Post
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.
    As far as I know... there is no tool available to "dictionary attack" Office 365.

    I believe it locks your account after a certain number of password fails too.

    Its a classic case of making passwords so complicated, they become less secure because no one can remember them
    Last edited by zag; 11th September 2012 at 09:07 AM.

  11. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    When you bulk import users using a CSV, you could specify random 6 numbered passwords (this is how I do it), but do not force the user to change their password. Provide instructions giving them the option to do so.

    Just write a small excel formula to generate the random numbers.
    Last edited by Michael; 11th September 2012 at 09:17 AM.

  12. #12
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,765
    Thank Post
    898
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    87
    Cool that's a really good idea! Hadn't thought of that.

    I have no problem with a random shorter password. I guess its the fact I was letting the kids choose their own password thats the problem.

    Thanks.

  13. #13
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    Quote Originally Posted by localzuk View Post
    Demonstrably false. A simple dictionary attack could stomp its way through that second password in no time.
    147000 words in a dictionary 147000 x 147000 x 147000 x 147000 and that is assuming you know how the password is put together! But the point is you don't know how someone has put their password together so to brute force you have to do by character.

    I use simple sentences "i like to eat cake on friday"

  14. #14

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    They are just enforcing the standard 2k8 domain password policy

    Rob

  15. #15

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Haven't looked at it's effect so don't know if it works, but the set-msoluser cmdlet has a StrongPasswordRequired switch in addition to the one I was setting to $true (PasswordNeverExpires).

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Office 365 for education A2 now free
    By apearce in forum Cloud Services
    Replies: 1
    Last Post: 16th March 2012, 11:19 AM
  2. Office 365 for education
    By teejay in forum Cloud Services
    Replies: 1
    Last Post: 13th February 2012, 04:32 PM
  3. Replies: 2
    Last Post: 5th February 2012, 01:32 PM
  4. One post required for posting Links and Email
    By primaryt in forum Comments and Suggestions
    Replies: 3
    Last Post: 25th February 2011, 11:54 AM
  5. Replies: 3
    Last Post: 20th October 2010, 09:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •