I updated my Virgin account password this evening as it's been a while, and was really taken aback at the password restrictions. No more than 10 characters, and no special characters allowed (&, *, %, etc). This surely must be addressed, as the limitations don't allow for very strong passwords, I've never encountered such restrictions on any site since early 2000's. What are Virgin doing? I'm really quite shocked at this limit on security.
In this day and age the password limitations set by Virgin Media are up there with the very worst i have encountered. They have the audacity to lock you out of your own email and provide no explanation as to why, other than "We have sent you a security letter out". I use 2-step auth on every account where it is permitted. I use complex and long passwords and rarely repeat them across multiple sites. They are fast becoming a joke of an ISP.