Longer passwords yes, but more complex passwords are better

Will Dormann, in exposing the half-measure Outlook patch, also shows that more complex passwords with mixed-case letters plus digits and symbols are better than a simple long password.

The maximum time to crack an 8-character password from an NTLMv2 hash with just a single mid-range GPU.

Longer passwords are better but you don’t need to go overboard. Adding just one more character to make a 9-character password of mixed-case letters, digits and symbols increases the maximum time to solve from a year to 84 years!

That’s for a ‘brute force’ attack which tries all possible combinations.

Longer but not predictable

Any hacker will first try the still too common passwords like ‘password’, ‘1234567890’ or other combinations.

In practice, you should have a properly unique password with mixed-case letters, numbers and a symbol or two, for example ‘St*ar*256’.
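An added example (not from the original article) that puts the brute-force and common-password points above together: it estimates the worst-case exhaustive search for a password and flags one that a guesser would try first. The guess rate and the short common-password list are assumed, constructed values, and the 94-symbol alphabet comes from Python's `string` constants, which may differ from the alphabet behind the article's figures.

```python
import string

# Assumed values for illustration only; neither comes from the article.
ASSUMED_GUESSES_PER_SEC = 1_000_000_000          # hypothetical single-GPU rate
COMMON_PASSWORDS = {"password", "1234567890", "qwerty", "letmein"}  # constructed sample
SECONDS_PER_YEAR = 365 * 24 * 3600

# Characters outside these four classes are ignored by this estimate.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

def used_classes(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def keyspace(password):
    """Combinations a brute-force search must cover: alphabet ** length."""
    alphabet = sum(len(CLASSES[n]) for n in used_classes(password))
    return alphabet ** len(password)

def assess(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Report worst-case brute-force time, or flag a password guessed first."""
    if password.lower() in COMMON_PASSWORDS:
        # Dictionary attacks try these before any exhaustive search.
        return {"reason": "common password", "years": 0.0, "missing": []}
    missing = [n for n in CLASSES if n not in used_classes(password)]
    years = keyspace(password) / rate / SECONDS_PER_YEAR
    return {"reason": "brute force only", "years": years, "missing": missing}

if __name__ == "__main__":
    # Constructed sample passwords: common, long but simple, complex, complex + 1 char.
    for pw in ("password", "abcdefghij", "aB3$aB3$", "aB3$aB3$x"):
        print(pw, assess(pw))
```

With this alphabet, the 8-character mixed password has a larger keyspace than the 10-character lowercase one, and each extra character multiplies the search by 94.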

Two factor is even better

Office-Watch.com has strongly pushed the use of two-factor authentication for important accounts like email and banking, including Microsoft, Google and Facebook logins.

Two-factor authentication is a better choice than a longer or more complex password.

Both our Office 2016 and Windows 10 books have chapters devoted to Microsoft Account security and especially step-by-step setup of two-factor authentication.

About this author

Office-Watch.com

Office Watch is the independent source of Microsoft Office news, tips and help since 1996.