Wise owl
Registered: ‎09-09-2009
Message 11 of 14 (116 Views)

Re: Idiotic password policy


Sololobo wrote:

https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

https://blog.codinghorror.com/password-rules-are-**bleep**/


I have just noticed that the second link has been broken by the "bad language" filter used on this forum.

If you are interested go here: https://blog.codinghorror.com/ and look for the entry dated 10th. March 2017 headed Password Rules Are Bull*hit.




It's What I Do.
I Drink and
I Know Nothing.
Well-informed
Registered: ‎23-09-2012
Message 12 of 14 (110 Views)

Re: Idiotic password policy


PaulMoore wrote:

Constraints from legacy equipment dating back 10+ years... plus a requirement to mirror credentials to systems on several different platforms.

Legacy constraints, aka lack of investment over the years.

In isolation, I understand the argument... but the suggestion that *nobody* at VM/Liberty Global understands passwords is utterly ludicrous.


Just as ludicrous is Virgin Media's continued use of a password strength indicator that continues to give a false sense of security, for example, a password of <username>123 is classed as “Strong”, as is <username>007, where the username is a common first name.

IMHO, regardless of legacy systems, Virgin Media could have done more to reduce the risk, the simplest action being to check passwords against dictionaries.
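The check suggested in the post above (reject passwords built from the username or a dictionary word plus padding), as an added example that is not part of the thread and not Virgin Media's code. The function name, the tiny word lists and the substitution table are constructed for illustration; the 8-character minimum is the NIST SP 800-63B floor covered by the article linked earlier in the thread.

```python
import re

# Constructed sample lists; a real deployment would load a large dictionary
# and a breached-password corpus instead.
SAMPLE_BLOCKLIST = {"password", "letmein", "qwerty", "welcome", "dragon"}
SAMPLE_FIRST_NAMES = {"james", "sarah", "david", "emma"}

# Common character substitutions mapped back to letters (illustrative table).
LEET = str.maketrans("0134578@$!", "oleastbasi")

TOO_SHORT = "shorter than 8 characters"
HAS_USERNAME = "contains the username"
DICT_WORD = "dictionary word or name with padding"


def check_password(password, username,
                   blocklist=SAMPLE_BLOCKLIST, names=SAMPLE_FIRST_NAMES):
    """Return a list of rejection reasons; an empty list means acceptable."""
    reasons = []
    if len(password) < 8:
        reasons.append(TOO_SHORT)

    lowered = password.lower()
    # Strip leading/trailing digits and symbols: "james123" -> "james".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # Compare the raw, stripped and de-substituted forms.
    variants = {lowered, core, lowered.translate(LEET), core.translate(LEET)}

    uname = username.lower()
    # Very short usernames are skipped to avoid accidental substring hits.
    if len(uname) >= 3 and any(uname in v for v in variants):
        reasons.append(HAS_USERNAME)

    if any(v in blocklist or v in names for v in variants):
        reasons.append(DICT_WORD)
    return reasons


if __name__ == "__main__":
    # Constructed test inputs, including the two patterns from the post.
    for pw in ("james123", "james007", "P@ssw0rd1",
               "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw, "james") or "accepted")
```

A strength meter that scores only length and character classes would rate the first three inputs well; this check rejects them because it looks at what the password is built from.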

Problem sorter
Registered: ‎28-08-2009
Message 13 of 14 (104 Views)

Re: Idiotic password policy

There is clearly a cynical view at Virgin that spending money to strengthen passwords across whatever legacy systems are still in use would be money wasted. Surely most "legacy systems" are gone now: email, cloud, webspace, NTL....

In other words, we value our profits, we don't value your security.

A simple upgrade like forcing separate passwords for primary email, account profile, TV anywhere streaming.... would be an easy start.

Superfast
Registered: ‎04-06-2015
Message 14 of 14 (58 Views)

Re: Idiotic password policy

Forcing 3 new passwords on users, not to mention the confusion between which passwords do what... is far from simple.

Passwords are a single mechanism in protecting against unauthorised use of customer accounts.  As important as they are, it's unlikely to be the catalyst for migration to a newer, more robust solution.

It's a case of "it's not a problem until someone has a cost-effective solution".
