Fresh from its debut, Microsoft's new webmail product Outlook.com has already been called out for its "limited" password capability by a security vendor.
Sophos said the passwords for Outlook.com accounts are limited to 16 characters, less than those allowed by rivals Yahoo Mail and Gmail.
"(G)enerally, if you don't choose a password that's easy to guess or crack, longer is better. So it's a shame to see the new Outlook.com miss an opportunity to encourage the use of longer passwords," Sophos said.
Outlook.com's predecessor Hotmail also limited characters to 16, it added.
In comparison, Yahoo Mail allows up to 32 characters for a password while Gmail allows as many as 200 characters.
Sophos also noted pranksters were quick to grab available email addresses - registering email@example.com and firstname.lastname@example.org.
"Although these addresses were no doubt acquired for fun, there can be little doubt that phishers and spammers also raced to acquire email addresses that they might try to deploy in attacks and scams in the future," it said.
On the other hand, Sophos said longer passwords aren't necessarily better just because they're longer.
"A password such as 12345678901234567890 is probably not going to be as hard to crack as v4L61^3Fes@zEkiR even though it's longer," it said.
— TJD, GMA News