by LeoPanthera 2505 days ago
Virgin Media is an ISP, for those who don't know.

Perhaps more shockingly, they have a maximum password length of 10 characters, and the first character must be a letter.

https://twitter.com/Joshwright10/status/1162811048359014400

5 comments

Fun fact: you can actually set a good password when you create a Virgin Media account but then you won't actually be able to log in as the password is rejected by their front-end for being too long. And just in case you thought you could do a password reset, their password reset page doesn't work.
I encountered that problem with the payment system for my city water bill a few years ago. I always hoped it would be a problem restricted to small town stuff with no budget for security.
Last time I checked, the default WPA passphrase for Virgin Media routers was always set to eight capital letters, making it trivially crackable with a reasonable amount of GPU compute.
Talktalk's boxes have the WPA passcode on a removable plastic fob attached to the back of the box.

Great until, like our neighbours, you place the box in your windowsill facing into the room.

My current default Virgin WPA password is roughly of the form lLlllNllllll (l - lowercase letter, L - uppercase letter, N - number), installed about a year ago, and I know from seeing another one that the position and quantity of the uppercase letters and numbers aren't fixed.
For the benefit of people whose fonts render "l" to look like "|", that's:

L U L L L N L L L L L L

(L - lowercase letter, U - uppercase letter, N - number)

Must be a while ago then - it's 12 characters upper, lower and digits. Pretty reasonable.
first character has to be a letter... are they storing them unquoted in YAML files?
Files?

If my experience of Virgin Media is anything to go by, they are probably writing them down in crayon on bits of paper that they keep in a very large box, probably outside and open to the weather.

Actually, it wouldn't surprise me if they just didn't store them at all and just accepted any login attempt.

Given the level of incompetence I have experienced from them, I can only assume they are still in business because of a serious accounting error in their favour.

I found my local cabinet with the doors swinging open and a massive tangled bundle of wires inside. I reported it to them, but they haven't done anything about it for more than a year, other than remove the notice asking you to report it to them if you see it open.

Frankly, I suspect I could build a more reliable link from a bit of string and a couple of plastic cups.

Worst ISP ever.

The actual level of service, speed and response to faults I get from them is pretty good.

The password policy though?

Probably to save money on ink for those envelopes with printed passwords!
Must be a letter and password cannot contain spaces or most punctuation.