I have raised this as a complaint several times and have given up, especially since the last time was met with a patronising, arrogant response from someone who obviously did not have any IT background and did not understand maths.
Virgin Media encourage setting weak passwords; they want customers to use poor security practices and explicitly prevent anyone using industry standard recommendations. For instance, long passwords of e.g. 32 characters (or *any* type of character) are not possible, 2FA with TOTP generation is not possible, etc. Their entire system appears to be predicated to put customers at risk.
This has been going on for years and for Virgin to ridiculously state they follow good security practices is embarrassing. Not a single industry standard practice is being followed. I would not be surprised if they are storing passwords in plain text internally rather than salting/hashing them.