Why is my Password Too Long?

Dear Virgin Media

I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media).  I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently.

Why is my Password Too Long blog post imageVirgin Media, can I please draw your attention to CESG’s recently published password guidance? It recommends:

Use a generation scheme designed for high memorability – such as:

  • passphrases;
  • 4 random dictionary words; or
  • CVC-CVC-CVC style passwords (CVC = Consonant-Vowel-Consonant)

Sadly, with your system I cannot follow the advice of the national Technical Authority, as by design, the passwords are too long.

Can you please explain your unusual policy?

Best Regards

Colin Robbins, Long Serving Customer.

 

PS. At the same time, can you please indicate why you do not provide higher security options such as 2 step verification or 2 factor authentication (the blog Independent Factors will help you understand the difference)?