Forum Discussion

alexgreyhead's avatar
alexgreyhead
Settling in
16 hours ago

Another user unable to link Virgin Media O2 ID and Virgin Media Accounts - can anyone help please?

I signed up for Virgin Broadband on Monday. Created my VMO2 ID and when I tried to link my Virgin Media broadband account I got the message saying my account is linked to a different email address:

If one of the hard-working mods has any help to offer on this issue I'd be hugely appreciative - I've just tried in the last five minutes and the issue is still happening.

-

Assuming this isn't resolved by tomorrow, I'm writing a letter of complaint to Virgin - I'd encourage everyone else here to do so, too - to Virgin Media, Sunderland, SR43 4AA ;-)

(Note that you can't send an email complaint without being logged into your VMO2 ID, and you can't continue to the complaint form unless you've linked your Virgin Media account - you just get an "access denied" blocked error.)

Virgin - your IT team need to sort this issue out as a priority. It's entirely unacceptable to implement an OAuth identity provider service - as you have with your VMO2 service - which simply doesn't work.

There's no way on earth that a properly managed development team wouldn't spot such a basic error in a critical user journey during the testing phase, unless your testing wasn't a proper simulation of real-world, or your tester simply didn't bother to do this part of the test suite.

What gives?

And yes, I write this as a developer in a software engineering team developing OAuth identity providers for websites, so I know a tiny amount about which I speak... (-;

/A

ps And while I'm here! When you sign up on this forum, there is a maximum length that your password can be, and the forum shows an error if the password is too long.

There's only one reason to specify a maximum length for a password on a website: it means the password is almost certainly stored unencrypted and un-hashed, because the password length limit is set because the database table column is sized to only allow a string of characters up to a certain length.

If the password was stored hashed and encrypted, it would always be a set length - e.g. 64 characters - no matter what password you entered on the registration form.

That's a huge security flaw, especially considering the fact the forum also knows my email address:

 

complaint
oauth
security
user interface

1 Reply

  • alexgreyhead's avatar
    alexgreyhead
    Settling in
    15 hours ago

    Just to clarify for anyone able to help: I have spoken to Customer Service and they have absolutely positively confirmed that the email addresses on both my VMO2 ID and my Virgin Media (broadband) account match each other, and are my email address - there's no error on that side of things :)