When I sign in to the Virgin Media website, I notice that the password must be between 6-10 letters long. Not that I know much about password security, but isn't this a tad short? Most websites that I go to now that require a password allow me up to at least 15 characters.
I just did a Google search for the phrase "Good password practices", and the top hit was this:
The first piece of advice on that page is "Adopt long passphrases".
The fact that the passwords are so short suggests to me that you are possibly storing the passwords directly rather than adding a salt and storing only the resulting hash. I hope to God that you are not storing passwords directly!
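The point made in the post above, shown as an added example that is not part of the original thread or any Virgin Media code: when only a salted hash is stored, the stored record has the same size for a 10-character password and for a long passphrase, so storage gives no reason to cap length. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str) -> bytes:
    """Return salt || derived key; the plaintext itself is never stored."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              ITERATIONS, dklen=KEY_BYTES)
    return salt + key


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    salt, stored = record[:SALT_BYTES], record[SALT_BYTES:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              ITERATIONS, dklen=KEY_BYTES)
    return hmac.compare_digest(key, stored)


def demo() -> dict:
    # Constructed sample passwords: one at a 10-character cap, one long passphrase.
    short = "Ab3$efgh1!"
    long_pw = "a long constructed passphrase, with punctuation & 2 digits"
    rec_short, rec_long = hash_password(short), hash_password(long_pw)
    return {
        "short_len": len(rec_short),   # 48 bytes: 16 salt + 32 key
        "long_len": len(rec_long),     # also 48 bytes
        "same_pw_differs": hash_password(short) != rec_short,  # salt effect
        "verify_ok": verify_password(long_pw, rec_long),
        "verify_bad": verify_password(long_pw[:-1], rec_long),
    }


if __name__ == "__main__":
    print(demo())
```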
Ensuring customer data is secure is of utmost importance to us and we continually invest in our security systems to keep our customers safe online.
In common with every other company, our login process requires customers to use unique passwords using a variety of characters. Additional technical controls and anti-fraud measures defend against unauthorised login attempts.
Our engineers regularly review our systems and carry out updates – and account security is always a top priority.
This issue has been kicked around the forum for many a year now, and likely many more to come, without a hint of progress AFAICS.
Find an email service that better meets your needs and has equivalent or better security than that of online services it may be linked to. FYI a basic guide to creating strong passwords and what you should look for in a service.
I think it should be enough to block the account for a certain period of time after more than 3 wrong attempts. This virtually blocks almost everyone who does not know you.
In any case, I want to suggest my opinion about the best password choice: Use the first character of each word in a sentence that you like, including punctuation. Example: "My favourite numbers are 4 and 6. My favourite colours are purple, green, & black" becomes "Mfna4a6.Mfcap,g,&b".