cancel
Showing results for 
Search instead for 
Did you mean: 

Why do I have to use a 8-10 character password and no 2FA?

NikTheGeek
Dialled in

In 2022, it's unbelievable that I'm still forced to use a 8-10 character alpha-numeric password that could be cracked pretty easily. Why? Well, I asked the question on Twitter and got zero response despite chasing twice.

 
 

So I filled a complaint form in and got the brush off. I persisted and got the attached response in barely strung together English. What on earth is going on with Virginmedia?

FN4m16LXMAM9Kj2.pngFNfTE2-XEAETEDV.pngFNfTXBYWYAQVSrg.png

16 REPLIES 16

rncross
On our wavelength

I've asked this before and unfortunately Virgin Media want their customers to use insecure and unsafe security practices. They insist on people using weak passwords. Ideally they should allow e.g. 32 character passwords with no restrictions on characters. And attempt to get them to change and use industry standard practices, available on any good IT reference site, is met with a patronising brush off.

jhuk
Trouble shooter

Many threads on topic and no real constructive replies apart from one fool who used to try and defend it but luckily, he stopped posting years ago.

Pretty embarrassing state of affairs when free Pr0n sites have had better protection for 10+ years (at the very least).

All my passes are secure apart from 2 that are both VM's.

 

Screenshot 2021-11-09 145128.png

rncross
On our wavelength

Indeed. I notice now the moderators have stopped even bothering to try and defend this horrendous insecure practice. Its like Virgin Media *want* their customers to be hacked!

I've flagged their poor security to both the Information Commissioner and to NCSC

It is a total joke that Virgin Media's main website doesnt support MFA or complex passwords or even longer passwords that 10 characters.  As people have already said my password vault sees that password that i have had to set as "weak".  I'm surprised more attacks arent focused on phishing user accounts for their VM creds.

To get onto this forum, i had to create a "stronger" password that has a different policy to the main VM user account database backend.  It has to be possible.

I think i will also log with my contact at the NCSC to see what they can suggest.

Come on VM, pull your finger out, its 2022 for gods sake!!

Graham_A
Very Insightful Person
Very Insightful Person

The password requirements for Virgin Media accounts were changed a few months ago.  Passwords can now be up to 64 characters long.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

rncross
On our wavelength

Nice to know!

Would have been good if they'd highlighted this, that they had fixed their glaring security flaws, apologised for the YEARS its taken them to do it and the presumptious arrogant replies that nothing was wrong.

Hi Graham

Hmm, then why wouldnt it accept my new password today that was 10 characters...a unique never used before password, following their guidance (upper/lower case letters and numbers).  I had to set it to 9 characters and then it worked!

MFA should also be offered to protect personal information as defined by the NCSC's Cyber Essentials framework (as a cloud based service) and it isn't offered which is poor form.

 

rncross
On our wavelength
Curious - I have successfully reset my original Virgin Media password to a 32 character version (containing alphanumeric characters).