Recycling - just not for passwords, please!

pgn · ‎14-09-2025

The scenario:

...

"My0ldPassword24."

"Password expired, please enter a new one:

"My0ldPassword25."

"Your new password has been accepted, please login now..."

...

Wrong move, pardner! This explains why:

https://archive.ph/mVSqV

"A spokesperson for Virgin Media O2 says: “Human behaviour is quite easy to model. [Criminals] know, for example, you might use one password and then add a full stop or an exclamation mark to the end.”"

Read and learn (link has been modified to take out the Guardian nag-prompts!)

|-- O2 Social Media Team via Facebook Messenger

Anonymous · ‎14-09-2025

@pgn I change my password on an annual basis.

madasaf1sh · ‎14-09-2025

You should change your password every 30 to 90 days or so, not once a year that is a security risk and you are putting your data at risk.

It should also be secured using an authenticator app or passkeys and not using SMS / Calls for MFA

@pgn
I wouldnt trust VMo2 for security advise, as they dont allow complex or over 12 character passwords... I wish VMo2 would implement support for long complex passwords and proper MFA (3FA would be ideal)

This is not customer services and we dont have access to your account
I do not work for o2 or any VMo2 /Telefonica/Liberty Global Company