• 3.54K
  • 205
  • 991
Wise owl
Message 11 of 14
Flag for a moderator

Re: Idiotic password policy

Sololobo wrote:**bleep**/

I have just noticed that the second link has been broken by the "bad language" filter used on this forum Smiley Frustrated

If you are interested go here: and look for the entry dated 10th. March 2017 headed Password Rules Are Bull*hit.

It's What I Do.
I Drink and I
Remember Things.
0 Kudos
  • 1.54K
  • 168
  • 495
Message 12 of 14
Flag for a moderator

Re: Idiotic password policy

PaulMoore wrote:

Constraints from legacy equipment dating back 10+ years... plus a requirement to mirror credentials to systems on several different platforms.

Legacy constraints, aka lack of investment over the years.

In isolation, I understand the argument... but the suggestion that *nobody* at VM/Liberty Global understands passwords is utterly ludicrous.

Just as ludicrous is Virgin Media's continued use of a password strength indicator that continues to give a false sense of security, for example, a password of <username>123 is classed as “Strong”, as is <username>007, where the username is a common fist name.

IMHO, regardless of legacy systems, Virgin Media could have done more to reduce the risk, the simplest action being to check passwords against  dictionaries.

  • 4.01K
  • 202
  • 898
Community elder
Message 13 of 14
Flag for a moderator

Re: Idiotic password policy

there is clearly a cynical view at Virgin, that spending money to strengthen passwords across whatever legacy systems are still in use,would be money wasted. Surely most " legacy systems" are gone now: email, cloud, webspace, NTL....

in other words, we value our profits, we don't value your security

 a simple upgrade  like forcing separate passwords for primary email, account profile, TV anywhere streaming.... would be an easy start.

0 Kudos
  • 214
  • 8
  • 78
Message 14 of 14
Flag for a moderator

Re: Idiotic password policy

Forcing 3 new passwords on users, not to mention the confusion between which passwords do what... is far from simple.

Passwords are a single mechanism in protecting against unauthorised use of customer accounts.  As important as they are, it's unlikely to be the catalyst for migration to a newer, more robust solution.

It's a case of "it's not a problem until someone has a cost-effective solution".

0 Kudos