petermanlwl
Joining in
Message 1 of 7

Password security

Hi,

When I sign in to Virgin media website, I notice that the password must be between 6-10 letters long. Not that I know much about password security, but isn't this a tad short? Most websites that I go to now that require a password allow me up to at least 15 characters.

I just did a Google search for the phrase "Good password practices", and the top hit was this:

https://techspective.net/2018/05/23/10-best-practices-to-secure-and-protect-passwords/

The first piece of advice on that page is "Adopt long passphrases".

The fact that the passwords are so short suggests to me that you are possibly storing the passwords directly rather than adding a salt and storing only the resulting hash. I hope to God that you are not storing passwords directly!

Thanks.

Forum Team
Message 2 of 7

Re: Password security

Hi there petermanlwl,

Welcome to the forums and for your first post :)

Ensuring customer data is secure is of utmost importance to us and we continually invest in our security systems to keep our customers safe online.

In common with every other company, our login process requires customers to use unique passwords using a variety of characters. Additional technical controls and anti-fraud measures defend against unauthorised login attempts.

Our engineers regularly review our systems and carry out updates – and account security is always a top priority.

More information on setting strong passwords can be found here: http://virginmedia.com/strongpassword

Hope this helps.

Katie - Forum Team


petermanlwl
Joining in
Message 3 of 7

Re: Password security

Hi, I quickly found this webpage which talks about the new NIST guidelines on password security:

https://spycloud.com/new-nist-guidelines/

It says: "An eight character minimum and 64 character maximum length"

There's absolutely no reason to impose a maximum password length of 10. If account security is really your top priority as you say it is, then please remove this restriction.

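Added example, not part of any post in this thread and not Virgin Media's code: a sketch of salted password storage showing that the stored record has the same size for an 8-character and a 54-character password, which is the reasoning behind the concern raised in messages 1 and 3. PBKDF2-HMAC-SHA256, the iteration count, the salt size and all function names are assumptions chosen for the sketch; the 8 and 64 bounds are the ones quoted in message 3.

```python
import hashlib
import hmac
import os

# Length bounds as quoted in the thread from the NIST summary (8 to 64).
MIN_LEN, MAX_LEN = 8, 64
ITERATIONS = 600_000   # assumed work factor for this sketch
SALT_BYTES = 16        # assumed salt size


def length_ok(password: str) -> bool:
    """Accept any password from MIN_LEN to MAX_LEN characters."""
    return MIN_LEN <= len(password) <= MAX_LEN


def make_record(password: str) -> bytes:
    """Return salt || digest. The password itself is never stored."""
    if not length_ok(password):
        raise ValueError("password length outside policy")
    salt = os.urandom(SALT_BYTES)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def check_password(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    salt, stored = record[:SALT_BYTES], record[SALT_BYTES:]
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    short = "Mfna4a6."                  # 8 characters
    long_ = "Mfna4a6.Mfcap,g,&b" * 3    # 54 characters
    for pw in (short, long_):
        rec = make_record(pw)
        print(len(pw), "chars ->", len(rec), "bytes stored,",
              "verifies:", check_password(pw, rec))
```

Because the database column only ever holds the fixed-size salt and digest, the storage layer gives no reason to cap password length at 10.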
Superuser
Message 4 of 7

Re: Password security

It's not always that easy. It might be connected to legacy systems that have a password limit that will stop working if it's changed.

petermanlwl
Joining in
Message 5 of 7

Re: Password security

Oh I agree it might not be easy. Doesn't mean they shouldn't at least put in a plan to move towards better security.

Superuser
Message 6 of 7

Re: Password security

This issue has been kicked around the forum for many a year now, and likely many more to come, without a hint of progress AFAICS.

Find an email service that better meets your needs and has equivalent or better security than that of online services it may be linked to. FYI a basic guide to creating strong passwords and what you should look for in a service.

robirobi555
Just joined
Message 7 of 7

Re: Password security

I think it should be enough to block the account for a certain period of time after more than 3 wrong attempts.
This virtually blocks almost everyone who does not know you.

In any case, I want to suggest my opinion about the best password choice:
Use the first character of each word in a sentence that you like including punctuation, example:
"My favourite numbers are 4 and 6. My favourite colours are purple, green, & black"
becomes "Mfna4a6.Mfcap,g,&b"

It is easy to remember and almost impossible to decrypt.
I found it on this site
https://video.video00.com/en/articles-list/450-tips-to-remember-passwords.html

