Sure, but if they now go out and say do this and that to secure them a big portion of the users will have support issues. They don't understand the instruction, the pressed the wrong button, they entered the wrong value, all sorts of things could go wrong and the ISP has to dedicate resources in fixing it while they don't gain anything in return.
Most routers shipped by ISPs have remote management enabled, they can be reconfigured by the ISP themselves without having to involve the end user in the process.
I will say most of the time the ISPs themselves provide the routers at residential homes
Sure, but if they now go out and say do this and that to secure them a big portion of the users will have support issues. They don't understand the instruction, the pressed the wrong button, they entered the wrong value, all sorts of things could go wrong and the ISP has to dedicate resources in fixing it while they don't gain anything in return.
Most routers shipped by ISPs have remote management enabled, they can be reconfigured by the ISP themselves without having to involve the end user in the process.