I have a friend who remotely manages a rather large number of commercial Wind Farms.
He once showed me how secure they were, by 'dialing one up' analogue modem.This was maybe 5 years ago. Recently they have all had thier phone lines disconnected and it's all managed with a web interface. The scary part was him logging in and the u/n & p/w were the defaults with admin rights, and he said he wasn't allowed to change them, even if he could.
Put it this way, at least my router had a password even if it rubbish when I got it.
Login can be done from ANY internet access point, even a 3G dongle works no problem. The controller has no URL, just an IP Address, and that was in the UK range, a different IP Address for each site, that were stored in his favorites list.