In the interest of customer security we have updated our password changing tool to email main account holders when either the main account, or any mailbox under that account has the password changed. The email also will go to any “invoice to email” addresses you have on the account. We hope that this is useful in notifying customers immediately if their account or mailboxes have been compromised.
THere is some important clerification needed on this one. If the notification of a password change that is sent to “invoice to email” includes the new password, then this would be a major concern for us. In our case, we email the invoice to our bookkeeper, but I don’t want the bookkeeper to be given information about password changes, even without the actual password. I think the idea of notification is good, but I just don’t think it is good at all to implement it by broadcasting to people that we don’t want to have this info.
The notifications do not include the new password, however, your concern is understood. We’ve already had some discussion regarding setting up a new service for password change notification email addresses. I’ll revisit the issue here and let you know what comes of it. For the time being the notification simply tells you that the password was changed, and what IP address logged in to change it.
Still waiting — several years and counting — for sonic to allow me to have separate passwords for:
1 Billing and account configuration
2 SSH
3 IMAP/POP (all above could be the same for me, but once the infrastructure is in place, why not?)
4 Webmail (MUST MUST MUST be separate, to minimize exposure from compromisable public internet access)
5 NNTP (passwords are transmitted over the public network IN THE CLEAR — and to a THIRD PARTY in the case of supernews.sonic.net … unbelievable!!!!)
3a/4a Ditto webmail/imap split for non-primary mailboxes.
This seems like pretty basic stuff to have in place, and has always seemed like something that a proven-to-be-technically-competent and customer-protective outfit like sonic should have been on top of ages ago.