I've just got a new Superhub 3, only to discover that the passwords I use for Wifi are not valid. I'm being forced to use one 10 characters long, 1 or 2 capitals, 1 or 2 numbers, no more than 8 lowercase letters in a row.
Seriously? This is perhaps even more absurd than the maximum of 8 characters for the Virgin portal login.
This isn't going to lead to more secure passwords. It's going to lead to forgotten passwords. Numerous studies have concluded that these conditions won't even create the most secure passwords. Why can I not use a string of words, for example? Why can't I use a shorter password that doesn't take me 15 minutes to type in using a remote control on my Roku?
Does Virgin really think someone is going to sit outside my house trying to brute force my wifi password? And even if so, is it really Virgin's place to restrict so arbitrarily what my password can be? I bet I can guess what thousands of Virgin users have as their Wifi passwords: Password11. Thousands more have Superhub11. These kinds of absurd restrictions is what causes people to use that kind of password.
I'm personally going with ************. I'm not using the asterisks though. (Mod removed it, even though I didn't actually put anything inappropriate and used asterisks for enough letters that anyone who doesn't already know the word would know it, so I'll retry: ****YouVirgin1.)
Please remove these arbitrary restrictions and let me use the passwords I want. It's just my local network, not a bank...
[MOD EDIT: Inappropriate language removed, please review the Forum Guidelines]
I can't edit that post now, so I'll clarify - 3 numbers is not allowed. 3 capitals is not allowed. It has to be 1 or 2. Which is just... insane. The password I suggested I'd use isn't actually allowed, as it has 3 capital letters... Seriously.
Update: There seem to be other conditions at play here though, as sometimes it seems to allow more than 2 capitals or numbers and sometimes it doesn't. It also does allow 8 lowercase letters in a row at times, and other times it doesn't. It's not even consistent in its application of its own rules. This password is just fine:
But this is not:
I'm starting to suspect that it's losing track of the password as you change it, too, as it will accept something one minute and not the next.
Update: It gets even worse. When counting 8 lowercase letters in a row, it doesn't consider a number to be a break in lowercase letters. So
Thanks for the feedback, the change in the wireless password requirements have been made to improve the security of your connection, though I can see why the limitations around capital letter or numbers used would be frustrating, particularly if employing a password generator.
Castle5, you may be aware and able enough to generate a secure password for yourself, however, the majority of folks are either unaware of the need or to lazy to implement a secure password. Therefore Virgin have a duty of care to their customers and choose this method to do it.
Can you imagine the hew and cry, if dozens of elderly customers were fleeced by a password scam made simple by Virgins actions/inactions?
They should do what EVERYONE ELSE does, then; there should be a minimum number of characters and certain un-obfuscated words should be on the blocked list (like "password" and "computer1"); also repeated characters in a row (more than 2) should be blocked; however there should otherwise be no limits at all on what you can put in. For instance "He=9g%&bb32'@" should be allowed.
At the end of the day however, what the password is on a WiFi should be entirely the user's responsibility, not Virgin's; and unless they're using WPA2 it wouldn't matter anyway since it's trivial to get access using simple hardware and software anyway. It's up to users and their families to educate themselves.
Tom Anything you say may be misquoted and used against you!
Seriously, do this at your own risk, this may cause harm to your device, it did not mine. It may break further usage of the Wireless Networks page to manage the device, without resorting to the same tricks; depending on how/when the password is validated.
I've just run into this problem and solved it. In the hope that only people who know what they are doing and why attempt this I'm going to keep the instructions vague.
Use chrome, open the network inspector, click preserve log.
Change the wifi password to something, not the one you want, but one that meets the requirements.
Note the multiple xhr get requests to some pages on the virgin hub with snmp in the name.
Replicate those requests in order, substituting in your password, using the console draw and JQuery as it's handily loaded already.
After each request wait for a reply, and carefully submit the next. Note if changing the password and having both 2 and 5 GHz networks enabled the different snmp oids involved. After the snmp set calls for the passwords the response data should respond with the oid and the password you just sent.
My knowledge here falters a little bit, so I replicated all the requests as is up to the call to the 'walk?' page. Perhaps only the first three are necessary, two to set the passwords to the different oids and one to 'write' the changes.
After a page refresh my new allegedly unsafe password was present in the dialogue and works on my devices.
I originally attempted to subvert the validation process but finding the executing JS proved more onerous than simply duplicating the snmp set calls.