Menu
Reply
Vzg94w
  • 10
  • 0
  • 2
Tuning in
1,320 Views
Message 1 of 10
Flag for a moderator

10 character password?

Hello

What is the reason for the 10 character limit for passwords and no special characters?

It doesn’t seem very secure

Paul

Steve1701
  • 571
  • 25
  • 112
Rising star
1,305 Views
Message 2 of 10
Flag for a moderator

Re: 10 character password?

😲 Vzg94w 

Given a 10 character alphanumeric password has around 916,132,832 combinations ( a-z, A-Z, 0-9) ...

What the hell are you trying to secure !!!

🤔

😜

Steve

Utrinque Paratus
0 Kudos
Reply
Vzg94w
  • 10
  • 0
  • 2
Tuning in
1,295 Views
Message 3 of 10
Flag for a moderator

Re: 10 character password?

Thanks, helpful

RainmakerRaw
  • 116
  • 1
  • 37
Up to speed
1,227 Views
Message 4 of 10
Flag for a moderator

Re: 10 character password?

Seeing as modern hardware can make more than that many guesses per second...
0 Kudos
Reply
用心棒
  • 7.64K
  • 844
  • 2.55K
Very Insightful Person
Very Insightful Person
1,216 Views
Message 5 of 10
Flag for a moderator

Re: 10 character password?

Limitation is likely due to legacy systems; best guess as Virgin Media do not discuss reasons.

0 Kudos
Reply
用心棒
  • 7.64K
  • 844
  • 2.55K
Very Insightful Person
Very Insightful Person
1,210 Views
Message 6 of 10
Flag for a moderator

Re: 10 character password?


@RainmakerRaw wrote:
Seeing as modern hardware can make more than that many guesses per second...

That is the case but hard to achieve if sign in process is rate limited, i.e. using a CAPTCHA scheme, progressively longer delays between attempts before locking account , etc.

IMHO Virgin Media should have solved their legacy issues long ago but having not done so customers should mitigate the risk by looking elsewhere for a more secure email service.

RainmakerRaw
  • 116
  • 1
  • 37
Up to speed
1,186 Views
Message 7 of 10
Flag for a moderator

Re: 10 character password?

Rate limiting only works if the attempt remains online. If the database is exfiltrated and saved offline (see every insecure elasticsearch database ever, and various recent telco breaches) then no such limitation applies. I'd rather be the person with a 50 character passphrase than <10 basic chars in that situation. It's poor form, and needs upgrading. Even these forums don't allow MFA that I can see, but from the company with plain text router logins and such I won't hold my breath lol.

jhuk
  • 3.29K
  • 61
  • 321
Problem sorter
1,141 Views
Message 8 of 10
Flag for a moderator

Re: 10 character password?

Multiple threads on topic gong back a long time and a total joke as even free pr0n sites have had better protection for a decade+

And P.S you always get one smartarse making dumb clueless comments in these threads.

I do not have a 100% Total Security Score on LastPass as both my Virgin accounts score only 75%, every other site is 100% and all are 20 Character (inc specials).

0 Kudos
Reply
Tudor
  • 12.88K
  • 1K
  • 2.58K
Very Insightful Person
Very Insightful Person
1,119 Views
Message 9 of 10
Flag for a moderator

Re: 10 character password?

At lot of us may not like the password restrictions, but a you signed up for VM you have to live with their system. It’s an utter waste of time trying to do anything about,


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Reply
jhuk
  • 3.29K
  • 61
  • 321
Problem sorter
1,104 Views
Message 10 of 10
Flag for a moderator

Re: 10 character password?

And that helps how?

FYI I have been with VM since TW-BY days so signed up before we had dial up so I didn't sign up for weak security.

0 Kudos
Reply