I bet this comes from another top hacker news story from today : "The best interface is no interface" http://www.cooper.com/journal/2012/08/the-best-interface-is-...

This is clearly a brilliant security feature - a brute-force attack on a password of that length would be all but impossible! Bravo, Microsoft!

It applies to Windows 2000 Server and related products. The fix is included in SP1.

I rather think the opposite — every password would comprise of 18770 of the same character.

Ah, but it can't repeat any of the previous 30,689 passwords. Better break out the Unicode chart...

I love this note: "Note that the number of required characters changes from 17,145 to 18,770 with the installation of SP1."

As an aside, good god is the new support section on Microsoft.com criminally gorgeous.

They really went above and beyond in the redesign. It feels wrong to take this amount of pleasure in reading a support knowledge database.

This seems like an error one machine will show to another machine trying to create an account.

Your password must contain at least one unicode character; one space character, one control character, one mathematical notation character, one non-spacing character, one cyrillic character, one tonemic character and remember NOT to use any basic alphanumerical characters ([A-Z0-9]) as those are widely used in brute force attacks and therefore can't be considered safe.

The password which can be expressed is not the true password.