In 2022, it's unbelievable that I'm still forced to use a 8-10 character alpha-numeric password that could be cracked pretty easily. Why? Well, I asked the question on Twitter and got zero response despite chasing twice.
So I filled a complaint form in and got the brush off. I persisted and got the attached response in barely strung together English. What on earth is going on with Virginmedia?
I've asked this before and unfortunately Virgin Media want their customers to use insecure and unsafe security practices. They insist on people using weak passwords. Ideally they should allow e.g. 32 character passwords with no restrictions on characters. And attempt to get them to change and use industry standard practices, available on any good IT reference site, is met with a patronising brush off.
Many threads on topic and no real constructive replies apart from one fool who used to try and defend it but luckily, he stopped posting years ago.
Pretty embarrassing state of affairs when free Pr0n sites have had better protection for 10+ years (at the very least).
All my passes are secure apart from 2 that are both VM's.
It is a total joke that Virgin Media's main website doesnt support MFA or complex passwords or even longer passwords that 10 characters. As people have already said my password vault sees that password that i have had to set as "weak". I'm surprised more attacks arent focused on phishing user accounts for their VM creds.
To get onto this forum, i had to create a "stronger" password that has a different policy to the main VM user account database backend. It has to be possible.
I think i will also log with my contact at the NCSC to see what they can suggest.
Come on VM, pull your finger out, its 2022 for gods sake!!
The password requirements for Virgin Media accounts were changed a few months ago. Passwords can now be up to 64 characters long.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
Nice to know!
Would have been good if they'd highlighted this, that they had fixed their glaring security flaws, apologised for the YEARS its taken them to do it and the presumptious arrogant replies that nothing was wrong.
Hmm, then why wouldnt it accept my new password today that was 10 characters...a unique never used before password, following their guidance (upper/lower case letters and numbers). I had to set it to 9 characters and then it worked!
MFA should also be offered to protect personal information as defined by the NCSC's Cyber Essentials framework (as a cloud based service) and it isn't offered which is poor form.