Updates to password changing tool

September 25, 2008 – 10:46 am by kavan

In the interest of customer security we have updated our password changing tool to email main account holders when either the main account, or any mailbox under that account has the password changed.  The email also will go to any “invoice to email” addresses you have on the account.  We hope that this is useful in notifying customers immediately if their account or mailboxes have been compromised.

Share this post:
  • Digg
  • del.icio.us
  • Pownce
  • Slashdot
  • StumbleUpon
  • Technorati
  • TwitThis

  1. 3 Responses to “Updates to password changing tool”

  2. THere is some important clerification needed on this one. If the notification of a password change that is sent to “invoice to email” includes the new password, then this would be a major concern for us. In our case, we email the invoice to our bookkeeper, but I don’t want the bookkeeper to be given information about password changes, even without the actual password. I think the idea of notification is good, but I just don’t think it is good at all to implement it by broadcasting to people that we don’t want to have this info.

    By Bill on Sep 25, 2008

  3. The notifications do not include the new password, however, your concern is understood. We’ve already had some discussion regarding setting up a new service for password change notification email addresses. I’ll revisit the issue here and let you know what comes of it. For the time being the notification simply tells you that the password was changed, and what IP address logged in to change it.

    By kavan on Sep 25, 2008

  4. Still waiting — several years and counting — for sonic to allow me to have separate passwords for:

    1 Billing and account configuration
    2 SSH
    3 IMAP/POP (all above could be the same for me, but once the infrastructure is in place, why not?)
    4 Webmail (MUST MUST MUST be separate, to minimize exposure from compromisable public internet access)
    5 NNTP (passwords are transmitted over the public network IN THE CLEAR — and to a THIRD PARTY in the case of supernews.sonic.net … unbelievable!!!!)
    3a/4a Ditto webmail/imap split for non-primary mailboxes.

    This seems like pretty basic stuff to have in place, and has always seemed like something that a proven-to-be-technically-competent and customer-protective outfit like sonic should have been on top of ages ago.

    By Richard Mlynarik on Sep 29, 2008

Post a Comment

Please Note: Blog comments are not intended as a direct support contact. If you are having a technical problem, or something equally time-sensitive, please contact Sonic.net Support by sending an email to support@sonic.net or calling 707-547-3400 (phones open 6am-11pm M-F, 8am-10pm weekends).

Sonic.net Status is proudly powered by WordPress Entries (RSS) and Comments (RSS). Theme by Bob Hosted by Sonic.net