At risk - clueless control pages password
MAINTENANCE Closed General
STATUS: Closed
CREATED: Mar 31, 04:24 PM (9 years ago)
AFFECTED: General
STARTED: Mar 31, 05:00 PM (9 years ago)
CLOSED: Apr 08, 04:54 PM (9 years ago)
REFERENCE: 2117 / AA2117
INFORMATION
  • INITIAL
    9 years ago by Adrian

    Over the next few days we are working on some minor changes to the way we handle passwords on the control pages (clueless). At these first stages you should see no impact, but there is a risk of issues, and we would ask anyone with problems logging in to control pages, changing passwords, or logging in to DSL, SIMs, etc, to let us know. Each stage is being tested on our test system and then deployed, with the first stage expected to be updated tonight. The final stage will mean a change on where passwords are visible, and the processes for issuing and changing passwords. We'll post more details closer to the time. This is all part of ongoing work to improve security. Thank you for your understanding.

  • UPDATE
    9 years ago by Adrian

    The first stage seems to have gone well - our test/monitoring has been working well to help us check any anomalies and ensure consistency. The next stage should be equally harmless as it means changing over various systems to use the new password hashes. We plan to work on this over Easter. We will then go on to change the way passwords are issued when ordering and updated when customers wish to change them. This work is all part of a general review and update of security for passwords on our various systems. Thank you for your understanding.

  • UPDATE
    9 years ago by Adrian

    We are progressing with updates - the login to the control pages is now switched over to the new hashes - any issues, please let me know on IRC, but all looks good from here. The RADIUS logins have changed over as well, to use line based passwords (which are the same as control pages login passwords at present). Again, please let us know any issues, but so far all looks well. The next step later today will be a change to how you change the password on the control pages - this will move to the same system we use on the accounts pages - an emailed link that offers a new password via https. This is safer than plain text emailed passwords. Once that is complete, we plan to update the way passwords are issued when ordering new services, which will hopefully be done later today. There will then be more testing and cleaning up to be done later.

  • UPDATE
    9 years ago by Adrian

    The first side effect that has been noted is that passwords on the control pages are now case-sensitive. Sorry for any confusion this may have caused.

  • UPDATE
    9 years ago by Adrian

    We expect the work for the weekend to stop now - with more later in the week or next weekend. We are at a stage now that we need to provide some clear documentation on the different levels of passwords and what levels of protection are provided for these in our systems.

  • UPDATE
    9 years ago by Adrian

    We are going ahead with more of the work this weekend now, and expect to separate control page login passwords from Line/DSL login passwords today or tomorrow. We'll post more details once the work is complete. We are currently running tests on our test systems now.

  • UPDATE
    9 years ago by Adrian

    We have now separated login passwords and line passwords. Any issues, please let us know.

  • Closed