>Does a domain registrar have the right to change a registrants registry
>key without the registrant requesting they do so?


The vast majority of these passwords were created by AUNIC (ie we never
created by the registrant), and are now quite insecure by modern standards
of security.  At one stage as part of the transition it was planned to
change all registrant passwords.  We have detected attempts on our systems
to compromise the password.  A standard electronic security precaution is to
update passwords when there is a major change.  Registrants are informed of
the new passwords whenever a change occurs, and registrants have the option
to change the password to a password of their choice.  Past experience has
shown that registrants have not updated their passwords (it has always been
possible to update the AUNIC passwords, but most are still set as per
original).

auDA is currently reviewing its password policy for the passwords stored in
AusRegistry, 
and I am sure would welcome input from the members of this list.

Regards,
Bruce Tonkin