This is a cautionary tale. I realised my onetel email password, set up years ago, was a long way short of modern password complexity standards, and should probably be changed. There's a procedure outlined in several threads on this message board for changing your password involving putting some security information in your community board profile. The OCE staff, who manage this board, promptly follow this up and pass the message on to Talk Talk admin who carry out a password reset, and phone you to let you know the new one.
What happens next is best seen by looking at other threads on this topic. Each one of them contains a succession of messages from frustrated users who find they can't get their emails, and cover phone calls not made, made but mysteriously not received, inaccurate information etc.
This is because, incredibly, Talk Talk's system resets the email password BEFORE it has communicated the new password to the user, effectively locking you out of your emails. In my case there was a four day gap before I was able to get the new password, and, looking at other threads, I can see some people had a far longer wait.
And the upshot, after I had successfully received a password and was able to get emails once more, was that there's no way I can change the password to one of my own choice. This means Talk Talk now knows my onetel email password, and we all remember Talk Talk was the company that had a major theft of its customer data in 2016. I can only hope they haven't put the password on their system somewhere linked to my onetel email, but I wouldn't bank on it.
My understanding is that the soon to be launched TalkTalk New Mail will allow users to set their own secure passwords.
When the email admins generate a new password for you, the reason they check with you that it's working is because it's not stored in an unencrypted format. So, if you ever need to know your password they cannot look it up. They have to generate a new unique ultra-strong password.
It gives me confidence that security is good.