Wise owl
  • 3.27K
  • 175
  • 881
Registered: ‎09-09-2009
Message 11 of 14 (136 Views)

Re: Idiotic password policy

Sololobo wrote:**bleep**/

I have just noticed that the second link has been broken by the "bad language" filter used on this forum Smiley Frustrated

If you are interested go here: and look for the entry dated 10th. March 2017 headed Password Rules Are Bull*hit.

It's What I Do.
I Drink and
I Know Nothing.
0 Kudos
Knows their stuff
  • 1.03K
  • 113
  • 293
Registered: ‎23-09-2012
Message 12 of 14 (130 Views)

Re: Idiotic password policy

PaulMoore wrote:

Constraints from legacy equipment dating back 10+ years... plus a requirement to mirror credentials to systems on several different platforms.

Legacy constraints, aka lack of investment over the years.

In isolation, I understand the argument... but the suggestion that *nobody* at VM/Liberty Global understands passwords is utterly ludicrous.

Just as ludicrous is Virgin Media's continued use of a password strength indicator that continues to give a false sense of security, for example, a password of <username>123 is classed as “Strong”, as is <username>007, where the username is a common fist name.

IMHO, regardless of legacy systems, Virgin Media could have done more to reduce the risk, the simplest action being to check passwords against  dictionaries.

Trouble shooter
  • 2.85K
  • 132
  • 585
Registered: ‎28-08-2009
Message 13 of 14 (124 Views)

Re: Idiotic password policy

there is clearly a cynical view at Virgin, that spending money to strengthen passwords across whatever legacy systems are still in use,would be money wasted. Surely most " legacy systems" are gone now: email, cloud, webspace, NTL....

in other words, we value our profits, we don't value your security

 a simple upgrade  like forcing separate passwords for primary email, account profile, TV anywhere streaming.... would be an easy start.

0 Kudos
  • 193
  • 8
  • 74
Registered: ‎04-06-2015
Message 14 of 14 (78 Views)

Re: Idiotic password policy

Forcing 3 new passwords on users, not to mention the confusion between which passwords do what... is far from simple.

Passwords are a single mechanism in protecting against unauthorised use of customer accounts.  As important as they are, it's unlikely to be the catalyst for migration to a newer, more robust solution.

It's a case of "it's not a problem until someone has a cost-effective solution".

0 Kudos