I am wondering what risks and if this action can be implemented. After a customer signs up for online banking at a banking office, operations would like to change a process where the customer's ID and password are now sent in one letter. We do require the customer to change their password in first initial sign on.

What would you like to change it to? Two separate emails? An email and text?

A little more detail would help get you a better answer.

Cheers!

I will assume the two pieces are currently sent separately so that if one piece is intercepted it is of no use to whomever has it.

By combining these you defeat that security measure. And if I steal your mail and logon, it doesn't matter that it has to be changed because I am in control of the change and the account.

I would resist sending them together on the premise of security. You don't send an active debit card and a PIN together.

Thanks!