Constraints from legacy equipment dating back 10+ years... plus a requirement to mirror credentials to systems on several different platforms.
Legacy constraints, aka lack of investment over the years.
In isolation, I understand the argument... but the suggestion that *nobody* at VM/Liberty Global understands passwords is utterly ludicrous.
Just as ludicrous is Virgin Media's continued use of a password strength indicator that continues to give a false sense of security, for example, a password of <username>123 is classed as “Strong”, as is <username>007, where the username is a common fist name.
IMHO, regardless of legacy systems, Virgin Media could have done more to reduce the risk, the simplest action being to check passwords against dictionaries.
there is clearly a cynical view at Virgin, that spending money to strengthen passwords across whatever legacy systems are still in use,would be money wasted. Surely most " legacy systems" are gone now: email, cloud, webspace, NTL....
in other words, we value our profits, we don't value your security
a simple upgrade like forcing separate passwords for primary email, account profile, TV anywhere streaming.... would be an easy start.