Are Hotmail passwords supposed to be case sensitive?
April 4, 2015 6:45 PM

My mother's hotmail password appears to be completely case insensitive; any combination of upper and lowercase letters seems to work. On the other hand, my father's hotmail has a password that only accepts one capitalization, as I was expecting. What's going on here? Why are the two accounts displaying different behaviour with this?
posted by Proofs and Refutations to Computers & Internet (10 answers total) 3 users marked this as a favorite

Is the hotmail account (and password) very very old? Is it possible the password requirements were less stringent back in the day and this one just got grandfathered in?

Does the case insensitivity still happen if you do a password reset or does it prompt you for certain password requirements?
posted by phunniemee at 6:53 PM on April 4, 2015

I don't know anything about Hotmail specifically, but I have worked on several systems that have changed the way they store passwords over the years (including one or two that at one time had them be case-insensitive). In many cases, old passwords were grandfathered in, but new passwords (either new accounts or changed passwords) were switched to the new scheme. This might be what's happening? Do you know if your mother's password was set before your father's?
posted by primethyme at 6:53 PM on April 4, 2015

There was a huge change when hotmail was bought by Microsoft and they "dogfooded" their new acquisition, requiring everything to be Windows based instead of Linux. This was in the early aughts and it resulted in a lot of chaos. It's quite possible that two users might be stuck in different compatibility worlds, one of which enforces case sensitivity and the other, most likely grandfathered in, does not.
posted by localroger at 8:07 PM on April 4, 2015

Yeah my guess was going to be the same as phunniemee's and primethyme's, namely that if the password is really old, they might have changed from case-insensitive to sensitive somewhere along the line but kept backwards compatibility. That suggests to me that they are using a really bad hashing algorithm, and I would change that password immediately.
posted by Kadin2048 at 8:09 PM on April 4, 2015 [1 favorite]

Response by poster: My mother's account is quite old, ~15 years, but the password is comparatively recent ~3 years.
posted by Proofs and Refutations at 9:08 PM on April 4, 2015

I've encountered stuff like this. As far as I can tell, the age of the account determines what system it runs on in the backend. This can actually cause problems, where sometimes old accounts don't work consistently with "windows live" logins. Even accounts that are only 12-15 years old can have issues sometimes.

I actually have a ~20 year old account that can't even be signed in to anymore, even with the proper info.
posted by emptythought at 9:34 PM on April 4, 2015 [3 favorites]

If you change the password, does it become case sensitive? I think the others have the right idea; there was likely a different mechanism in place for storing passwords on her account at that time that was phased out.
posted by Aleyn at 11:16 PM on April 4, 2015

Just as a data point, not specific to Microsoft or Hotmail, I have a 13-year-old AIM account that I can no longer sign into with the last known password (which I'd had stored in my Mac Keychain) but that can't be manually reset either. I escalated my case to a manager there who said this account falls into a subset of old accounts that simply aren't accessible for manual password reset (I can't use the automated process because I no longer live in, y'know, a dorm room with my old IP address), and now it's on a list somewhere in case someone decides to get enterprising and properly port those over to a new server.

All of that to say, I hope this answer isn't too far afield, but yep, really old accounts on old servers definitely don't always have the same properties as newer accounts, especially with regard to passwords.
posted by limeonaire at 8:21 AM on April 5, 2015

Up until 2012 Hotmail would only use the first 16 characters of your password and would silently discard the rest, so if the case insensitive characters are anything after the 16th character that would explain them being accepted. If you change the password, hotmail will now only accept 16 characters or less.
posted by Lanark at 11:01 AM on April 5, 2015
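
An added example, not part of the original thread and not Hotmail's actual implementation: a sketch of how a per-account scheme tag can make two accounts on the same service behave differently, as the answers above about grandfathered passwords and 16-character truncation suggest. The scheme names `legacy` and `v2`, the case folding, and all function names are assumptions made for illustration; only the 16-character figure comes from the thread.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 16  # truncation length quoted in the thread


def _normalize(password: str, scheme: str) -> str:
    # Assumed legacy behaviour: truncate, then fold case before hashing.
    if scheme == "legacy":
        return password[:LEGACY_MAX].lower()
    return password  # "v2": every character and its case matter


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_record(password: str, scheme: str = "v2") -> dict:
    salt = os.urandom(16)
    digest = _kdf(_normalize(password, scheme), salt)
    return {"scheme": scheme, "salt": salt, "hash": digest}


def verify(record: dict, password: str) -> bool:
    # The record's own scheme tag decides how the attempt is normalized.
    attempt = _kdf(_normalize(password, record["scheme"]), record["salt"])
    return hmac.compare_digest(attempt, record["hash"])


def login(store: dict, user: str, password: str, upgrade: bool = False) -> bool:
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if upgrade and record["scheme"] == "legacy":
        # Only at login is the plaintext available to rehash. The exact
        # string typed now becomes the password, case and length included.
        store[user] = make_record(password, "v2")
    return True


def legacy_accounts(store: dict) -> list:
    # Audit helper: accounts still verified under the weak scheme.
    return sorted(u for u, r in store.items() if r["scheme"] == "legacy")
```

With `upgrade=False` a legacy record stays case insensitive indefinitely, while `upgrade=True` moves it to the exact-match scheme at the next successful login, using whatever capitalization was typed at that moment.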

My hotmail was force consolidated with Microsoft Outlook a year or two ago. So they probably consolidated the old passwords into the new system, like everybody else said. :)
posted by Jacen at 12:33 PM on April 6, 2015
