Dear CrystalTech Customer,

As we mentioned in an email sent out previously, we are happy to announce a few key changes to the way you communicate issues to us as well as changes to the way your information is available from within WebControlCenter. We want to provide you with details on the changes and how they will affect things.

While we had initially planned on rolling out the changes previously, in order to accommodate some minor adjustments, we will be releasing the modifications Tuesday, October 31st, 2006. A summary of the changes will also be listed in our next newsletter.

The modifications will include:

1. "Key Phrase" or "Secret Question" methodology as a second layer of security/verification.
2. Customer passwords not viewable from within WebControlCenter without proper credentials.
3. Ticket submission from within the WebControlCenter.
4. Account, email and FTP passwords removed from "Website Ready" email.
5. A "3 strike" rule for login to the WebControlCenter.

1. "Key Phrase" or "Secret Question" methodology as a second layer of security/verification.
Once implemented, customers will answer a "secret question" when they first log in to the WebControlCenter. The answer to this secret question will be used as a second level of authentication for accounts, for viewing passwords, etc. In addition, customers using a domain login to the WebControlCenter will also be required to choose and answer a secret question. For resellers, you can use one key phrase for multiple accounts under the customer login. You will be able to reset the secret phrase for those customers logging in via the domain level. When dealing with support through email, you will no longer be asked to provide any account verification information; instead, you will be redirected to submitting your request or issue from within the WebControlCenter (see below for more information).

2. Customer passwords not viewable from within WebControlCenter without proper credentials.
Another implementation of the “secret phrase” is in viewing account passwords. You will still have the “show/hide” button next to any password, but now when you click to “show” the password, you will be prompted for the answer to your “secret question”. This new methodology protects the integrity of the information by adding a layer of credentials, yet retains the flexibility of being able to see the information when needed. This was a very strong point of concern for customers, and thanks to several pieces of feedback we feel that by adjusting the security in this manner we have accomplished the goal of increased security without sacrificing ease-of-use.

3. Ticket submission from within the WebControlCenter.
We are extremely pleased to announce that customers will be able to send in requests to Support, Billing and Sales from within the WebControlCenter. Using this submission method you will no longer be required to include any account verifications (e.g. customer ID and password) as authentication would already be required for logging in to send the request. To facilitate the submission of issues you will be prompted for specific pieces of information that will make it easier for our staff to troubleshoot issues, answer questions, and respond correctly the first time.

4. Account, email and FTP passwords removed from "Website Ready" email.
Instead, they will all be displayed as the last part of the ordering process, and customers will have the option to print the page for their records or copy the information down for later use. Passwords will still be viewable from within WebControlCenter for individuals with the proper credentials (i.e. the correct answer to the “secret question”). Domain login customers will be able to view their authorized passwords using this same methodology.

5. A "3 strike" rule for login to the WebControlCenter.
Customers will have 3 attempts to log in to either the Customer or Domain login, and if they fail the account will be locked out for a period of time. This period of time will vary, but a good “rule of thumb” is that there will be a 60 minute lock out. Customers who are locked out can call in, and have the lock lifted by a member of our Customer Support team with alternate means of authentication.

While many of these changes are quite new to CrystalTech, it is clear that they are necessary to continue to provide our customers with the high level of service that they have come to expect. Thank you for your suggestions, your patience, and your continued support of CrystalTech.