aa.net.uk Broadband - Broadband you can work with

Skip to Navigation / Skip to Content

Knowledge base Passwords

This page describes the various account logins and passwords that apply to our various systems.

Different systems have different levels of password security depending on the requirements.

Priceless: Accounts system

The accounts system login and password are used to allow access to the accounts, statements, and invoices. This is a very important password as we trust that any orders placed with the correct account number and password are genuinely from you or your organisation, and more importantly, from someone that is authorised to spend money with us. This password can be used to order services as well as changing or ceasing existing services.

The email address associated with the account is crucial. Someone with the ability to read emails sent to that email address could read password reset emails and change passwords and then place orders. You need to ensure that you use an email address that you trust to be secure.

At some point in the future we expect to allow configuration of secure encrypted emails to such email addresses.

  • Staff cannot see the password you have picked, it is hashed internally.
  • Staff cannot set a password for you, you have to use the password change process (described below).
  • Staff are able to invalidate your password if you request, and you should advise staff if you think the password is compromised.
Password change process

The password change process is used to set a password, and can be used if you have forgotten your password or simply want to change it. You can use the forgotten password link to request the password change email, or you can ask a member of staff to send it to you.

  • The password change email is sent to the email address we have for the login. It contains a web link.
  • The link can only be used on the day of issue, and only until the password is changed or invalidated.
  • The link is to a secure web site, so that any passwords shown or entered are not visible in the Internet.
  • Clicking on the link shows the proposed password clearly on the screen, so ensure you are not overlooked.
  • If the proposed password is not one you can remember, or on rare occasions is inappropriate or rude, you can select pick another
  • When you are happy, select set password to set the password. It is displayed, and you can then login if you wish.
  • We strongly recommend using the passwords we suggest as they are random and avoid any association with you or the account. You can, if you wish, enter a password. If you want to do this, ask a member of staff how. However, entering a password can lead to poor passwords, and password re-use which are not a good idea.

Clueless: Control pages

Our control pages are used to manage services and access technical information. They are also the means to set, and where appropriate, to view other passwords as detailed below.

As with the accounts password, the associated email is crucial and someone with access to the email could use a password change request to change the password and access the control pages. This then gives access to all of the other control pages passwords.

  • Staff cannot see the password you have picked, it is hashed internally.
  • Staff cannot set a password for you, you have to use the password change process (described above).
  • Staff are able to invalidate your password if you request, and you should advise staff if you think the password is compromised.
Email password

Whilst the email password, used for POP3, IMAP, and authenticated SMTP, may seem relatively low importance, it is not. Email systems are the underpinning of most security as explained above. Unauthorised access to email can allow people to change and access a range or other system's passwords. As such the email passwords have some security.

  • Staff cannot see the password you have picked, it is hashed internally.
  • You can set an email password on the control pages, but we recommend using the generate password link to pick one randomly when you do this, for added security.
  • You can record a reminder for the password if you wish. You should consider security and try to ensure this is not too obvious!
Line password

The line password is related to a broadband line, or data SIM or L2TP Internet access. It is considered very low priority as such systems are rarely used as an attack. When using broadband lines or data SIMs, we normally see a verified circuit ID and as such we will allow a correct login with an incorrect passwords if the circuit matches. The password is also included in the information pack and printed on router information cards to make it easy to configure network equipment - which is especially important when you have no Internet connection.

  • The password can be viewed on the control pages.
  • The password is printed and included on information packs and router information cards.
  • The password can be set as you wish, but a generate password button is provided for convenience.
Router admin password

The router admin password is considered relatively low priority. It is rare for any directed router attack using a password. The password is included in the information pack and printed on router information cards to make it easy to access the router even when no Internet conection.

  • The password can be viewed on the control pages.
  • The password is printed and included on information packs and router information cards.
  • The password can be set as you wish, but a generate password button is provided for convenience.
Router WiFi password

The router WiFi password is considered relatively low priority. It is possible for someone to attempt to hack your WiFi, so we do suggest a good password, and the system will try to generate a reasonably memorable password with additional digits to provide extra entropy. The password is included in the information pack and printed on router information cards to make it easy to use.

  • The password can be viewed on the control pages.
  • The password is printed and included on information packs and router information cards.
  • The password can be set as you wish, but a generate password button is provided for convenience.
VoIP password

VoIP passwords are considered to be slightly higher security because they can be used with equipment to make chargeable calls. However, the main attack for VoIP passwords is to compromise terminal equipment and either use it directly or access the password and login details it is using. Unfortunately the underlying protocol prohibits hashing this password internally. However it is usual for only one device to be confided with each VoIP login, and so reasonable that the password is settable but not visible. We also have in place a number of precautions and warning systems to track if VoIP passwords have been compromised.

  • The password can be viewed on the control pages, and it is not hashed in our internal systems.
  • The password can be set as you wish, but a generate password button is provided for convenience.
Web pages password

Web pages are not often targeted on our systems but can be a target for attack to display political or other messages. As such we consider this to be a slightly higher security.

  • At present, passwords are part of our DNS control pages and so can be viewed and changed and are not hashed.

We are working on ways to hash this password, but as some users make use of rsync for web pages, this is providing more complex. We may provide means to have separate ftp (hashed) and rsync (non hashed) passwords in due course.