Sigma
Fibre optic
Message 1 of 8

After changing my password, the old password still works in an email client

This is a very strange issue.

If I change my password via My Virgin Media, I immediately have to use the new password when signing into webmail, as expected; however, in my email client on my PC, the old password still works. However, if I go into the account settings in my email client and change the password to the new one, that then works and the old one stops working.

After experiencing this, I went and changed my password a second time, just as a test, and the same thing happened again.

Very Insightful Person
Message 2 of 8
Helpful Answer

Re: After changing my password, the old password still works in an email client

Ah, what you've stumbled into is one of these cases where the technology doesn't actually work the way you expect it to.

What you might think is that every time the email client tries to access the server, it sends your username and password to check; actually, it doesn't. What it does is use your credentials to negotiate a series of tokens which have a limited lifetime, and it's these tokens which are actually used to authenticate the connections. So change the password on the server, but until the token ages out and needs to be regenerated, the email client is still authenticated to the server and continues to send and receive mail.

On the client, if you change the password there (or indeed delete and recreate the mailbox connection - which is a bit drastic), it immediately expires the old tokens and starts the negotiation to set up new ones, at which point the old password doesn't work anymore.

It's by design, otherwise there'd simply be too much traffic backwards and forwards for each transaction. How long this takes depends on the server and how it's configured; it could be an hour or longer.

Very Insightful Person
Message 3 of 8

Re: After changing my password, the old password still works in an email client

IMHO this is a bug and one that has already been solved elsewhere with the termination of existing IMAP sessions upon a password change.
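
The behaviour message 3 describes, dropping already-authenticated sessions when the password changes, sketched as an added example (not Virgin Media's or any mail server's code). The `MailAuth` class, its methods and the account values are hypothetical.

```python
import hashlib
import hmac
import os
import secrets


class MailAuth:
    """Toy mail back end: a session is authenticated once, at login."""

    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self._creds = {}     # user -> (salt, password hash)
        self._sessions = {}  # session id -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, self._hash(password, salt))
        if self.revoke_on_change:
            # Drop every session that was opened with the previous password.
            self._sessions = {s: u for s, u in self._sessions.items() if u != user}

    def login(self, user, password):
        record = self._creds.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        sid = secrets.token_hex(8)
        self._sessions[sid] = user
        return sid

    def session_alive(self, sid):
        # Commands on an open session are not re-checked against the password.
        return sid in self._sessions


def scenario(revoke_on_change):
    user = "user@example.test"  # constructed account, not from the thread
    server = MailAuth(revoke_on_change)
    server.set_password(user, "old-secret")
    open_session = server.login(user, "old-secret")
    server.set_password(user, "new-secret")
    return {"open_session_still_works": server.session_alive(open_session),
            "new_login_with_old_password": server.login(user, "old-secret") is not None,
            "new_login_with_new_password": server.login(user, "new-secret") is not None}
```

With `revoke_on_change=False` the session opened before the change keeps working even though a fresh login with the old password is refused; with `True` the open session is cut off at the moment of the change.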

Very Insightful Person
Message 4 of 8

Re: After changing my password, the old password still works in an email client


@Sigma wrote:


If I change my password via My Virgin Media, I immediately have to use the new password when signing into webmail, as expected; however, in my email client on my PC, the old password still works. However, if I go into the account settings in my email client and change the password to the new one, that then works and the old one stops working.


@Sigma did a security event prompt the change of password?

Sigma
Fibre optic
Message 5 of 8

Re: After changing my password, the old password still works in an email client

Thanks for the replies! I changed the password because it's something I do periodically, so what jem101 said makes sense and explains what I was experiencing.

Very Insightful Person
Message 6 of 8

Re: After changing my password, the old password still works in an email client

I'm going to have to respectfully correct @jem101 here.

Although what he says does seem sensible, as someone who's actually looked into Virgin Media's email setup closely I should point out that if you attempt to set up a login using Thunderbird it will report the login method as Normal password - which sends the email address and password in plain text (the connection is encrypted with TLS 1.2 on port 993).

Compare this to setting up a Gmail account, which uses OAuth2 - which is a token exchange mechanism.

P.S. I've also manually looked at the capabilities it reports and it doesn't report anything other than IMAP4rev1 and NAMESPACE - this is not guesswork on my part. Login is actually sent using the command

a1 login <username> <password>

Note a1 is a token but not in the same sense as an SASL token.

I personally have experienced the same problem as the OP and it was actually down to an issue on the LDAP backend.  So this needs escalating so it can be resolved properly.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.
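
A check for what message 6 describes: reading a server's advertised IMAP capabilities to see whether a client will log in with the stored password or can use a token mechanism. This is an added example, not part of the original post; both capability lines are constructed samples (the first follows the post's description), and `classify_auth` is a hypothetical helper.

```python
import re

# SASL mechanisms that carry an OAuth 2.0 access token instead of the password.
TOKEN_MECHANISMS = {"XOAUTH2", "OAUTHBEARER"}

# Constructed samples: a server offering only the LOGIN command, and a greeting
# that also advertises a token mechanism.
SAMPLE_PASSWORD_ONLY = "* CAPABILITY IMAP4rev1 NAMESPACE"
SAMPLE_WITH_TOKEN = "* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=XOAUTH2 AUTH=PLAIN] ready"


def parse_capabilities(line):
    """Capability set from '* CAPABILITY ...' or '* OK [CAPABILITY ...] text'."""
    match = (re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
             or re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I))
    return {cap.upper() for cap in match.group(1).split()} if match else set()


def classify_auth(line, tls):
    caps = parse_capabilities(line)
    sasl = sorted(cap[5:] for cap in caps if cap.startswith("AUTH="))
    # RFC 3501: the LOGIN command is usable unless LOGINDISABLED is advertised.
    login_command = bool(caps) and "LOGINDISABLED" not in caps
    token_based = any(mech in TOKEN_MECHANISMS for mech in sasl)
    password_auth = login_command or "PLAIN" in sasl or "LOGIN" in sasl
    return {
        "sasl": sasl,
        "login_command": login_command,
        "token_based": token_based,
        # No token mechanism on offer: the client must send the password itself.
        "password_only": password_auth and not token_based,
        # The password is readable on the wire only if TLS is absent.
        "cleartext_exposure": password_auth and not tls,
    }


if __name__ == "__main__":
    print(classify_auth(SAMPLE_PASSWORD_ONLY, tls=True))
    print(classify_auth(SAMPLE_WITH_TOKEN, tls=True))
```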

Very Insightful Person
Message 7 of 8

Re: After changing my password, the old password still works in an email client


@ravenstar68 wrote:

I personally have experienced the same problem as the OP and it was actually down to an issue on the LDAP backend.  So this needs escalating so it can be resolved properly.


If restarting the email client results in a prompt for the new password and successful login then it is unlikely to be a back end issue IMHO.

Very Insightful Person
Message 8 of 8

Re: After changing my password, the old password still works in an email client

Ignore my previous post as Sigma has already confirmed the behaviour when writing:

@Sigma wrote:


If I change my password via My Virgin Media, I immediately have to use the new password when signing into webmail, as expected; however, in my email client on my PC, the old password still works. However, if I go into the account settings in my email client and change the password to the new one, that then works and the old one stops working.
