Having recently received an email and a letter from fast4 informing of the migration to surfmax, I was astounded to see both my new username AND MY PASSWORD clearly printed on each document. Isn't this playing fast and loose with my security? I have, of course, changed my password.
When you signup with any ISP, you normally get a letter or email to confirm your account details for access to the service; how is a letter mid-way through your service to advise about a change of username any more or less secure than the first one?
The username and password quoted on the letter is your username and password for internet access via your ADSL modem or router; it's addressed to the contact details given to Fast4 by the customer.
It's fair to say that no method of delivery is secure - I discovered a couple of years back for instance that a new bank card was sent by the bank to one of my previous addresses and then used for online purchases by the new occupants of that address

- however, if the bank are willing to risk new bank cards for their customers in the post, the far less sensitive details of a customers ADSL username and password by mail shouldn't be a problem either. Many companies confirm access details by post; register a
.co.uk domain name for instance and you'll receive within a month or two a letter from Nominet confirming how to access a control panel with them to update the records associated with that domain; if somebody unscrupulously wanted to intercept that letter, login to Nominet and change the records so they could steal that domain name, thats a possibility; however if there is important information to get to the customer, it's generally best by post.
Hands up all readers of this forum who were sent a letter or email by their ISP when they signed up to confirm the connection details they should be using to connect to their new service; I think most forum readers would be waving right now :nod:.
How is a letter to confirm login changes due to the network backbone provider having changed any different? We get a lot of customers who call to complain that they don't receive invoice receipts for subscriptions by email for instance - but then the customer confirms that the contact email address they gave us to reach them on isn't an email account they check anymore :shrug:. So if we'd sent this information by email and not by post, I can imagine somebody else on this forum posting a complaint to say they weren't advised
at all about the need to change their login details to connect correctly.