Now, could anyone explain why you would put a limit of 16 characters in a password on a modern web-service? Don't the recommendations for a very safe password normally specify more than that?
I see much reason for setting a minimum amount, but not a maximum of less than a hundred characters (to give some room) at least.
The common gospel around here is to say "Use bcrypt.", but very few people say (or know?) that its maximum input length is 55 bytes, i.e. 55 ASCII characters, or far fewer unicode characters. Most implementations actually cut off the remainder, which is a very dangerous thing to do since you might have people who use a relatively simple passphrase followed by a strong password which happens to be beyond the maximum length, and is lost.
For most other hash algorithms, if you use a hash function with an output size of 256 bits, you will lose entropy if the input contains more than 256 bits of entropy. It is a little hard to measure what the maximum length should be for e.g. passwords, but the length should almost never be unlimited. It conveys a false, and in some cases, e.g. with bcrypt, quite dangerous sense of security.
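The truncation risk described in the comment above, as an added example that is not part of the original thread. `truncating_hash` is a hypothetical stand-in built on PBKDF2 so it runs with the standard library only (it is not bcrypt), `LIMIT` uses the 55-byte figure quoted in the comment (check the limit of the library you actually use), and the passwords are constructed.

```python
import base64
import hashlib
import hmac

LIMIT = 55  # bytes; figure quoted in the comment above (assumption, library-dependent)

def truncating_hash(material: str, salt: bytes, limit: int = LIMIT) -> bytes:
    """Stand-in for a password hash that silently ignores input past `limit` bytes."""
    data = material.encode("utf-8")[:limit]      # the silent cut-off
    return hashlib.pbkdf2_hmac("sha256", data, salt, 1000)

def bytes_ignored(password: str, limit: int = LIMIT) -> int:
    """Number of UTF-8 bytes (not characters) that fall past the limit."""
    return max(0, len(password.encode("utf-8")) - limit)

def prehash(password: str) -> str:
    """Map input of any length to 44 ASCII bytes so every byte influences the hash.
    Base64 keeps the digest free of NUL bytes, which C-string APIs treat as the end."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def enroll(password: str, salt: bytes, safe: bool) -> bytes:
    return truncating_hash(prehash(password) if safe else password, salt)

def verify(candidate: str, salt: bytes, stored: bytes, safe: bool) -> bool:
    return hmac.compare_digest(enroll(candidate, salt, safe), stored)

# Constructed sample data: a guessable passphrase followed by a strong suffix.
SALT = b"constructed-salt"
PREFIX = "correct horse battery staple " * 2      # 58 bytes, already past LIMIT
STRONG = PREFIX + "x9!Qv#72Lm"                    # the strong part is never hashed
WRONG = PREFIX + "guess"

if __name__ == "__main__":
    print("bytes ignored:", bytes_ignored(STRONG))
    naive = enroll(STRONG, SALT, safe=False)
    print("wrong suffix accepted (naive):", verify(WRONG, SALT, naive, safe=False))
    hardened = enroll(STRONG, SALT, safe=True)
    print("wrong suffix accepted (prehash):", verify(WRONG, SALT, hardened, safe=True))
    print("30 two-byte characters ignored bytes:", bytes_ignored("ü" * 30))
```

Rejecting over-long input at registration, using `bytes_ignored` as the check, is the alternative to pre-hashing when the stored format cannot change.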
Horribly disappointed.
When I opened Outlook.com I noticed that someone else's name was showing up. I went to the profile and changed it. Then I went to the People section and noticed there were a lot of contacts listed (a couple of hundred probably), and someone tried to talk to me on Messenger. This seems like a pretty big bug. I'm not sure if it imported the wrong data into my new account or if it linked my account to this other person's. Either way, pretty big security concern.
However, I would never ever change my primary email to a new service that has not really been tested in the wild yet. Maybe in six months or a year, if everything runs stable by then.
Go to the little gear in the upper-right corner next to your name and click "Feedback" in the resultant popup. I don't know the exact details of your email address and the steps you took to get into this state, otherwise, I would just provide feedback myself.
Disclaimer: Microsoft Employee. Not part of the team that made this.
1) Added my personal domain to the domain list. 2) Inputted my me@mydomain.com email address into some form. 3) Went to Outlook.com and saw someone else's name, and someone else's contacts.
I'm pretty sure #2 is where the problem occurred. Hopefully someone at Microsoft familiar with the process will be able to figure this out. I'll provide the feedback.
- Click your username in the upper right, click sign out
- click the 'sign in' button on the next page
- click the white 'sign up' button on the bottom left
- see @outlook.com text box four entries down

I can't even get to the new outlook.com with my hotmail.com address; it was only after creating a brand new outlook.com address that I was able to see what all the fuss was about.
This is a refreshing take on email, I have been growing tired of the sluggishness of Gmail myself. I also like the way the ads look on the right and when you hover you see an image of the product. I have always hated the way Google ads look.
(I just spent a long time browsing through and deleting the ~3000 old spam messages in my Hotmail inbox, ~30 at a time. I much prefer the feeling of control and stability that Gmail gives you when doing something similar.)
* No Ajax on name availability
* Very limited secret question options (min of 5 chars for answers)
* Wasn't overly obvious which fields were required until you hit submit (in the end I think they were all required)
* Initially there was a smug-looking guy on the login page (pretty nitpicky); he seems to be gone now, but if you go to www.outlook.com you get a broken image