I'm not sure if I want to laugh or not; let's see what other people think:

Got the dreaded call from an elderly parent: "I have a computer problem..."

Email not working - Fat client on PC using POP3 to Spark/Xtra mail.  A quick diagnosis showed his password wasn't working.

Turns out we can reset that via the Spark/Xtra webmail interface, by answering a security question.  Fortunately, said parent remembered the security answer, which made that quite simple.

Re-entered new password into email client, and bingo: 3 days of emails appear.

--

Two of them are from Spark: "We noticed an attempt to gain access to your account, so have reset your password".

Well, great.  Nice work for noticing, great effort in remedying the issue; but minus several million points for resetting a password, preventing access to email, and THEN EMAILING TO TELL THEM!

OK, said parent has a landline, mobile phone, AND internet with Spark; so it's not like they don't know his mobile number to at least have an automated SMS saying "you need to reset your XtraMail password"...

--

Am I being unrealistic in thinking that forced-resetting an email access password and the only notification being by email to the impacted email address is a REALLY BAD idea?