Hacker News
by overlordalex 3612 days ago
The article recommends that you "strengthen your Microsoft Live account password", but if I understand the vulnerability it is only exposing the hash of your password?

If it's only exposing the hash, why should you make your password stronger?

4 comments

My uneducated understanding is that it is an MD5 hash, quite easily brute forceable if that's the case.

https://en.wikipedia.org/wiki/NT_LAN_Manager#NTLMv2

The NT Hash is actually an un-salted MD4 (not 5) hash of the UCS-2 encoded password. The authentication protocol uses the V2 Hash, which is an MD5-HMAC of the user name and domain, using the NT Hash as the key. The authentication protocol then uses the V2 Hash as an MD5-HMAC key for a pair of random nonces.
I've found strengthening my Live account password to be difficult. There is a 16-character limit that makes it impossible for me to use a good passphrase.
To make the password hash harder to crack. There's a big difference in time to crack the hash for "Passw0rd" vs "$)63hjbbdhs23".
The hash for "Passw0rd" would almost certainly also be in some Rainbow table, so effectively no computation time in that case...
>$)63hjbbdhs23

Great, I'll just store this in my password manag... oh, wait.

Just write it on a Postit and affix it to your monitor.
There are databases of hashes to common passwords that make it easy to find the password from hash. If you use weak passwords like "password123", hashing it is not going to make it secure (unless it is salted). And so the general advice is use strong passwords no matter what.