I've asked this before and unfortunately Virgin Media want their customers to use insecure and unsafe security practices. They insist on people using weak passwords. Ideally they should allow e.g. 32 character passwords with no restrictions on characters. And attempt to get them to change and use industry standard practices, available on any good IT reference site, is met with a patronising brush off.

Many threads on topic and no real constructive replies apart from one fool who used to try and defend it but luckily, he stopped posting years ago.

Pretty embarrassing state of affairs when free Pr0n sites have had better protection for 10+ years (at the very least).

All my passes are secure apart from 2 that are both VM's.

Indeed. I notice now the moderators have stopped even bothering to try and defend this horrendous insecure practice. Its like Virgin Media *want* their customers to be hacked!

I've flagged their poor security to both the Information Commissioner and to NCSC

It is a total joke that Virgin Media's main website doesnt support MFA or complex passwords or even longer passwords that 10 characters.  As people have already said my password vault sees that password that i have had to set as "weak".  I'm surprised more attacks arent focused on phishing user accounts for their VM creds.

To get onto this forum, i had to create a "stronger" password that has a different policy to the main VM user account database backend.  It has to be possible.

I think i will also log with my contact at the NCSC to see what they can suggest.

Come on VM, pull your finger out, its 2022 for gods sake!!

The password requirements for Virgin Media accounts were changed a few months ago.  Passwords can now be up to 64 characters long.

Nice to know!

Would have been good if they'd highlighted this, that they had fixed their glaring security flaws, apologised for the YEARS its taken them to do it and the presumptious arrogant replies that nothing was wrong.

Hi Graham

Hmm, then why wouldnt it accept my new password today that was 10 characters...a unique never used before password, following their guidance (upper/lower case letters and numbers).  I had to set it to 9 characters and then it worked!

MFA should also be offered to protect personal information as defined by the NCSC's Cyber Essentials framework (as a cloud based service) and it isn't offered which is poor form.