Headline is inaccurate. Seems to only be a restriction on live accounts, not windows 8. If you use a non-live account to log in, there isn't this restriction. I just changed mine to a 24 character password with no issues, but I'm using a domain account.<p>That said, major portions of what's new Windows 8 require a windows live account to use (the app store, most of the metro apps, etc).
The thing I hate is when people make excuses for it. Especially when those people purport to represent the company that made the mistake:<p>> Besides, 16 character long password can have 2.8 nonillion possible combinations. You are more likely to reuse your passwords and got owned through that than password brute forcing.<p>That's a terrible excuse for a 16-character limit. Just admit it was a bad decision (probably made a long time ago) and move on.
(for users with Microsoft Accounts)<p>Granted, that'll probably be the majority. Anyone know if non-MS accounts have this limitation?<p>EDIT: Nope, see <a href="http://news.ycombinator.com/item?id=4389204" rel="nofollow">http://news.ycombinator.com/item?id=4389204</a>
Some programmer decided to filter characters and limit the length of a string. Honestly, it's reasonable. I know it's not the point but 16 ASCII chars can be used to create a secure windows password.<p>And people with passwords bigger than 16 chars are a corner case. HN has had top stories telling programmers not to care about corner cases or to assign a very low priority to them.<p>In my opinion: "Nothing to see here, move along".