What is the maximum length of the password in Windows systems? That is a question that may have crossed your mind sometimes. This post attempts to clear the confusion surrounding the many different versions of related articles on the Internet on this subject.
Having Strong Passwords is a must and is the first line of defense against hackers. You need to have a strong password to protect your online accounts as well as your Windows computers. Generally speaking, I would recommend using passwords with length of 10 characters at least, with a mix of random special characters, capital, and lower case alphabets & numerals to make the password or passphrase unbreakable. But the question bothering most of us is what is the maximum password length allowed in Windows 10.
Maximum length of password in Windows 10
Older Operating Systems prior to Windows XP
While the article is focused on Windows 10, I would like to take a minute to talk about the previous operating systems. These operating systems – MS-DOS, Windows 95, and Windows 98 – were created in an era when security was not taken so seriously as it is taken today. Threats and times were different then! It was only with Windows NT, did things change.
Coming to a password, in older operating systems, it depended on the programs you were running. Login passwords could not handle more than 14 characters. These too, had some limitations. They wouldn’t accept white spaces like space characters or a tab character. Some other special characters were also forbidden. But you could still create passwords that were strong – using a combination of lower and upper case alphabets, numbers, and certain special characters.
If you still use Windows 98 or prior operating systems for some reason, it is better to keep the passwords limited to 14 characters. In case you have a network where you have modern operating systems along with the older ones, the Server passwords better be less than or equal to 14 characters, or you may face problems logging in to those systems.
Max password length in Windows 10, Server & other modern operating systems
Internally, Windows represents passwords in 256-character UNICODE strings. The logon dialog is limited to 127 characters, however. Therefore, the longest password that can be used to log on interactively to a computer running Windows is 127 characters. Theoretically, programs such as services can use longer passwords, but they must be set programmatically because the password change dialog will not allow a password longer than 127 characters, says an article about Passwords FAQ on TechNet.
Technically, the length of passwords can be a maximum of 127 characters according to Microsoft. 127 characters mean that you can create easy phrases that you can easily remember and yet are strong passwords. However, some other considerations associated with these operating systems make you use shorter passwords.
For example, if you use a Microsoft Account to log into your Windows 10 computer, you are not allowed 127 characters. This is because Microsoft accounts (Live, Outlook, Hotmail etc) have a maximum limit of 16 characters only. Thus, even though the login box of Windows 10 allows 127 characters, you are forced to use a password of maximum 16 characters. Yahoo and Google are better in this case that allows 32 and 200 characters respectively.
When you sign in to your Microsoft account with a long password, you might see the following error message:
Microsoft account passwords can contain up to 16 characters. If you’ve been using a password that has more than 16 characters, enter the first 16.
This doesn’t mean that your password has been shortened. Windows Live ID passwords were always limited to 16 characters and any additional password characters were ignored by the sign-in process. When Microsoft changed “Windows Live ID” to “Microsoft account,” they also updated the sign-in page to let you know that only the first 16 characters of your password are necessary. To avoid this error message in the future, you only need to enter the first 16 characters of your password, says Microsoft.
The minimum number of characters used in Windows login and Microsoft Accounts is 8 characters and you can include all types of special characters (except the white space characters such as space and tabs etc). You can also use ALT+Numpad to create special characters and Windows 10 will happily accept that.
Login Dialog and Reset Password Dialogs
The login and reset password dialogs use “Windows elements” such as text boxes or combo boxes that can display only 32 characters at a time. But since the technical limit is 127 characters, you can continue to type the passwords even if you reach the max 32 characters’ limit of text and combo boxes. The text box will not display only the last 32 characters but you can be assured that all of the 127 characters have been logged by the login dialog and password reset dialogs. They will simply remove the initial characters and you may feel that the password is truncated to the last 32 characters but that is not the case. As mentioned earlier, all the 127 characters are accepted though not displayed in the text box owing to their limitations.
Imposing restrictions on Passwords
Talking of passwords, it becomes necessary to impose restrictions on password policies that hardens Windows login policy and makes users create strong passwords. You can use Group Policy Editor or command prompt to force restrictions on password – such as imposing minimum and maximum length of passwords, force usage of special characters, expiry of passwords, and more.
To sum up what is the maximum password length in Windows 10 –
- The minimum length is 8 characters and the maximum is 127 characters for a Local Account
- If you use Microsoft Account to log into your Windows 10 machine, you cannot use more than 16 characters
- If you are using operating systems older than NT, limit the passwords to 14 characters else you’d face login problems.