Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password security is poor

jeffsmith82
On our wavelength

on ‎10-12-2020 09:40

I was trying to set a secure password for my account its almost impossible to do. Im talking about this page https://my.virginmedia.com/create-profile/register by the way.

If the password is less then 8 characters then i get a too short warning. This is fair and is good security practice. If I type anything over 10 characters this is too long.  If I put special characters in it would not accept the password either. 

I ended up by trial and error getting a valid password after about 15 minutes but the UI was terrible in helping me out with what was wrong.

I can see this requirement now I have set a account but this was nowhere when I was registering.
"8-10 characters long, letters and numbers only, no spaces. First character must be a letter."

Can anyone explain why in 2020 an 11 characters password is too long ?
You are limiting your customers passwords to be pretty insecure for what reason ?
Why does the first character have to be letter you making passwords even more insecure mandating this ?
 

19 REPLIES 19

JPL8
Fibre optic
In response to simtech76

on ‎07-11-2021 12:57

VM take the high ground when it comes to security, but they're not prepared to put their money where their mouth is. 

They recommend customers use two factor authentication, for example, but haven't implemented it themselves.

Screenshot 2021-11-07 at 12.51.45.png

Maximusdm
Tuning in
In response to JPL8

on ‎20-02-2022 17:04

Is there any update to this? I have had my password hacked as I'm unable to set what I consider a secure password including special characters and longer than 10 characters. 2 factor authentication would also be welcome.

Martin_N
Forum Team
Forum Team
In response to Maximusdm

on ‎21-02-2022 17:37

Hi Maximusdm,

Thank you for your post and welcome to the community. 

I'm very sorry to hear about the your account. 

I would recommend checking out this link for helpful information on what to do after being hacked: https://www.virginmedia.com/help/virgin-media-account-has-been-hacked.

Have you been able to reset your password?

^Martin

0 Kudos

Maximusdm
Tuning in
In response to Martin_N

on ‎21-02-2022 22:31

Thanks but can you tell me when virgin media will improve their security for passwords so that we can include special characters for example?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Ianpb
On our wavelength
In response to Martin_N

on ‎21-02-2022 23:56

"I would recommend checking out this link for helpful information on what to do after being hacked: https://www.virginmedia.com/help/virgin-media-account-has-been-hacked."

That's not only a joke, but it's also insulting. That linked page recommends two layer security - despite the fact that VirginMedia has not even implemented it for its customers!

Kain_W
Forum Team (Retired)
Forum Team (Retired)
In response to Ianpb

on ‎23-02-2022 08:53

Hi Ianpb,

Thanks for posting and welcome back to the community.

We take all feedback on board with regards to security, the relevant information has been sent to our team to assess our current model.

We don't currently have a timeframe for any action however.

Thanks,

Kain
0 Kudos

Maximusdm
Tuning in
In response to Kain_W

on ‎23-02-2022 09:57

Hi Kain, that's the issue that Virgin are not doing anything about it. The information in my email is too valuable to be left at risk for whenever virgin decide they might take action. One of the only v reasons I've stayed with virgin for intenet and phone was for my email account because of how long I've had it. I will now start transitioning away to an alternate address and therefore other service provider as there is too much risk of my account being hacked again with the limited virgin security on passwords.

Dontwantone
Tuning in
In response to Maximusdm

on ‎28-03-2022 22:04

  • A thread started 2 years ago and still no improvement, what a shambles.

Ianpb
On our wavelength
In response to Kain_W

on ‎28-03-2022 23:37

@Kain_W wrote:

Hi Ianpb,

Thanks for posting and welcome back to the community.

We take all feedback on board with regards to security, the relevant information has been sent to our team to assess our current model.

We don't currently have a timeframe for any action however.

Thanks,

Given the time that has elapsed since this issue first arose, your assurances are worthless. NOTE: Virgin Media has STILL not implemented the changes required to follow their advice with regard to security. What an utter joke of a company!

0 Kudos

rncross
On our wavelength
In response to Ianpb

on ‎02-04-2022 09:23

I have raised this as a complaint several times and have given up especially since the last time was met with a patronising arrogant response from someone who obviously did not have any IT background and did not understand maths.

Virgin Media encourage setting weak passwords ; they want customers to use poor security practices and explicitly prevent anyone using industry standard recommendations. For instance, long passwords of e.g. 32 characters (or *any* type of character) are not possible, 2FA with TOTP generation is not possible etc etc. Their entire system appears to be predicated to put customers at risk.

This has been going on for years and for Virgin to ridiculously state they follow good security practices is embarrassing. Not a single industry standard practice is being followed. I would not be surprised if they are storing passwords in plain text internally rather than salting/hashing them.

Top