A few minutes back I was going to create this thread only to debate whether WBS should provide us with a secure online Username/Password changer form (like what Telkom have had to provide for ADSL users). Then I remembered that there are a few other things that WBS need to deliver before launch in April 2005.
- Telkom ADSL helpdesk people can see a customer's username & password in the clear on their monitors. It is fact (if you do not believe it you can debate it in the ADSL section). Some ADSL MyADSLrs have reported that their account gets hijacked and their capped bandwidth used by hijackers, the only logical/viable suspects being Telkom employees.
In contrast with ADSL, WBS' iBurst uses proprietary hardware, that similar to a cell phone has a hardware ID, the h/w ID is called a UTID.
My understanding (after the recent WBS db change) is that WBS authenticate iBurst connections using UTID+username+password, which are all linked to a single account (presumably).
Therefore, it may or may not be possible to do the same hijacking of our capped 3Gig bandwidth on iBurst, due to the UTID (presumably) being used together with username & password for authentication. Perhaps a test is in order to verify that.
The question I have is this: if WBS only allow that one piece of hardware (UTID) to connect under your account, then why do we even need a username & password? Is it merely redundancy, or is there a real risk of bandwidth hijacking? You could say: in case the UT was stolen, I say let the thief use the bandwidth, while you report the UT stolen & WBS report the thief's location to the police...
I am guessing the answer will dictate whether we need an SSL secured online form for changing username & password on our iBurst accounts.
- Bandwidth Usage Tracker that shows in detail, daily upload & download stats, preferably separated into local & international, and preferably with no more than a 30 minute update delay.
- eMail: the pre-launch contracts include email accounts (POP3) that are supposed to be implemented sometime before the actual launch in April.
- A service interruption/degradation notification system- something like the SAIX severity 1 thing (or what it should be). You should be able to receive notifications via email, as well as view them online.
- What have I left out?