Is there any update to this? I have had my password hacked as I'm unable to set what I consider a secure password including special characters and longer than 10 characters. 2 factor authentication would also be welcome.
Hi Kain, that's the issue that Virgin are not doing anything about it. The information in my email is too valuable to be left at risk for whenever virgin decide they might take action. One of the only v reasons I've stayed with virgin for intenet and phone was for my email account because of how long I've had it. I will now start transitioning away to an alternate address and therefore other service provider as there is too much risk of my account being hacked again with the limited virgin security on passwords.
Thanks for posting and welcome back to the community.
We take all feedback on board with regards to security, the relevant information has been sent to our team to assess our current model.
We don't currently have a timeframe for any action however.
Given the time that has elapsed since this issue first arose, your assurances are worthless. NOTE: Virgin Media has STILL not implemented the changes required to follow their advice with regard to security. What an utter joke of a company!
I have raised this as a complaint several times and have given up especially since the last time was met with a patronising arrogant response from someone who obviously did not have any IT background and did not understand maths.
Virgin Media encourage setting weak passwords ; they want customers to use poor security practices and explicitly prevent anyone using industry standard recommendations. For instance, long passwords of e.g. 32 characters (or *any* type of character) are not possible, 2FA with TOTP generation is not possible etc etc. Their entire system appears to be predicated to put customers at risk.
This has been going on for years and for Virgin to ridiculously state they follow good security practices is embarrassing. Not a single industry standard practice is being followed. I would not be surprised if they are storing passwords in plain text internally rather than salting/hashing them.