Wise owl
  • 3.45K
  • 195
  • 962
Registered: ‎09-09-2009
Message 11 of 14 (169 Views)

Re: Idiotic password policy

Sololobo wrote:**bleep**/

I have just noticed that the second link has been broken by the "bad language" filter used on this forum Smiley Frustrated

If you are interested go here: and look for the entry dated 10th. March 2017 headed Password Rules Are Bull*hit.

It's What I Do.
I Drink and I
Remember Things.
0 Kudos
Knows their stuff
  • 1.34K
  • 145
  • 419
Registered: ‎23-09-2012
Message 12 of 14 (163 Views)

Re: Idiotic password policy

PaulMoore wrote:

Constraints from legacy equipment dating back 10+ years... plus a requirement to mirror credentials to systems on several different platforms.

Legacy constraints, aka lack of investment over the years.

In isolation, I understand the argument... but the suggestion that *nobody* at VM/Liberty Global understands passwords is utterly ludicrous.

Just as ludicrous is Virgin Media's continued use of a password strength indicator that continues to give a false sense of security, for example, a password of <username>123 is classed as “Strong”, as is <username>007, where the username is a common fist name.

IMHO, regardless of legacy systems, Virgin Media could have done more to reduce the risk, the simplest action being to check passwords against  dictionaries.

Community elder
  • 3.98K
  • 202
  • 892
Registered: ‎28-08-2009
Message 13 of 14 (157 Views)

Re: Idiotic password policy

there is clearly a cynical view at Virgin, that spending money to strengthen passwords across whatever legacy systems are still in use,would be money wasted. Surely most " legacy systems" are gone now: email, cloud, webspace, NTL....

in other words, we value our profits, we don't value your security

 a simple upgrade  like forcing separate passwords for primary email, account profile, TV anywhere streaming.... would be an easy start.

0 Kudos
  • 210
  • 8
  • 76
Registered: ‎04-06-2015
Message 14 of 14 (111 Views)

Re: Idiotic password policy

Forcing 3 new passwords on users, not to mention the confusion between which passwords do what... is far from simple.

Passwords are a single mechanism in protecting against unauthorised use of customer accounts.  As important as they are, it's unlikely to be the catalyst for migration to a newer, more robust solution.

It's a case of "it's not a problem until someone has a cost-effective solution".

0 Kudos