cancel
Showing results for 
Search instead for 
Did you mean: 

MyRogers Username Concern

stuartb
I plan to stick around

I just had an email that said it was from Rogers that originated from a system in California with a scan of validity somewhere from Germany.  My suspicions were high!

The gist of the email was that my Rogers assigned account name should be changed to my email address "for security reasons".  Sure looked like the beginning of a phishing email!

Turned out to be true considering I was asked to change it to my email address when logging into my account today.  I refused.

I have one VERY SIMPLE QUESTION.

HOW can it be more secure for me to use my email address as my account name?  LOTS of people know my email address including spammers and scammers ... IF I do this,  anyone who knows that Rogers now has this policy doesn't have to guess my account name ... all they have to do is guess the password.

This is anything BUT more secure!!!!

If you asked me to change my account name to something OTHER than my email address, that would make a LOT more sense.

A typical Rogers account name might be jonesy146 now ... but you want him to change it to JimJones@rogers.invalid.com for example.  But Jimmy boy there uses his mail address a lot so lots of people know it.  So all the scammers have to do is guess his password.

That's not more secure ... it's LESS secure.

Please rethink this nonsense!

 

***EDITED LABELS***

9 REPLIES 9

Re: MyRogers Username Concern

RogersYasmine
Moderator
Moderator

Hello @stuartb!

 

Thanks for your post and we hope you've been doing well! 🙂

 

I can certainly understand your concern as safety and security is top priority for us at Rogers. One of the main reasons why we ask our customers to change their Username to an email address (preferably the same one you used to sign up with for simplicity) is because we also use that same email address info to authenticate your MyRogers online account. For example, if you were to forget your Username or Password, we would send a verification code to that same email address to help identify you. 

 

Also, we have run into instances of customers forgetting their usernames if they do not use their online account on a regular basis, so this just makes logging into your MyRogers account easier.

 

My recommendation would be to focus more on the password that you choose to secure your account with. The stronger the password, the more secure your account will be. Here are some tips that I hope you and others will find helpful!

 

Creating a Strong Password:

  • Choose a unique, hard-to-guess password (and never reuse one).
  • Don’t use obvious passwords, like your spouse’s name, your pet’s name or your birthdate, and avoid easy to guess ones like: password or 123456.
  • When it comes to passwords, the longer, the better. Choose ones that include upper and lowercase letters, as well as numbers and symbols.
  • Have a different password for each account/website.

As always, we really appreciate your feedback and we thank you for making this community a nice place to be! 🙂

 

RogersLaura

Re: MyRogers Username Concern

Just to point out, there was a time, maybe 5 years ago or so, when this policy was enacted.  Prior to that time, the main account password was separate from the forum password and possibly from other Rogers services.  I think @stuartb is correct, the enforced use of an email address is less secure, given the millions of email addresses that have been stolen from various companies, where those companies haven't admitted to  being hacked.  A simple search within those databases would turn up any @rogers.com addresses for example, easily identifying any Rogers customers who of course are forced to use their email addresses for account and other services.  The other issue is having to provide your family with the account email and password to use online tv services, which also gives them access to the main account.  Who ever thought that was a good idea?  This forces customers to think about setting up yet another email address at another provider, simply for the use of Rogers services.  

 

If Rogers is going to enforce the use of email addresses, just to make it easy for Rogers to use a single address, then the default security procedures should also include enforced use of account Pins, selected at the same time as the email address is selected or enforced, and default account lockouts on all third party services to prevent fraud, such as the nefarious Netflix fraud that seems endemic to Rogers customers.  Those procedures should also include Two Factor Authentication.  

 

So, if security is indeed a top priority at Rogers, then Rogers should be looking at separating the main account password from everything else and strictly enforce the other security procedures to prevent fraud.  Customers shouldn't have to find out after they've been subjected to a fraud incident that lockouts for third party billing for example are available, if you ask for them.  They should be enabled as a default account setting.

Re: MyRogers Username Concern

Hey @Datalink !

 

Thanks for the invaluable input!

 

I can definitely appreciate what you are saying. We are always looking for ways to make things better for our customers. Hopefully, we'll see further improvements in the near future!! 🙂

 

Kind regards,

RogersLaura

Re: MyRogers Username Concern

Here is my opinion. Yes Rogers is forcing people to have a email address instead of a username. Their database has both email and username so it's actually an optimization one less thing to remember or to store. The email is actually legit I never got one but when I login I got msg that I'm using a username and it's being phased out so I'm one of those people who this applies to.

I will be very happy to comply with this request. It's not a big deal so if you care about security or privacy I suggest you so these things or Rogers will force it upon us in a month or so and make it mandatory.

Re: MyRogers Username Concern

Pauly
Resident Expert
Resident Expert
Even tho Rogers uses your email address as a username you can have a unique password that is not the same as your email account password. Using different passwords for each service you login to is highly recommended by all the cyber security analysts. It's not a "Rogers" thing

By the way. Scammers don't "Guess" passwords anymore they acquire passwords from previous data breaches and use that to gain access. If you make it different for every service you will be safe

Re: MyRogers Username Concern

stuartb
I plan to stick around

Oh but they do ... my connection rejection log is a perfect example of that ... they go in batches to avoid suspicion but they do cycle through passwords.

Then the idea that an email address is more secure is nonsense.  If I were to change my username to that, then that's half my account login credentials available to ID theft.  I only use my Rogers account name for Rogers.  My email address is not used for anything for money if possible.  There is no real need for this change.

Re: MyRogers Username Concern

Pauly
Resident Expert
Resident Expert
I have the older username but I can sign in with my email anyways. All the migration will do is to remove the username and just set a marker on the email.

Like I said before, there is absolutely nothing wrong with migrating this. it is not less secure, you already have an email on file if you are under the old platform of having a username, the new platform just removes the username.

it might be more secure on the backend system they might implement a stricter password requirement once the migration is complete, either way, stop looking at the negative sand start looking at the positives.

Re: MyRogers Username Concern

Pauly
Resident Expert
Resident Expert
I worked on many IT system migrations in my career in the past. People who hang on by a thread to older technologies and dont want to let go or migrate really make it hard for people who are working on the systems from doing their job, for future stability and optimization of systems as well.

Re: MyRogers Username Concern

stuartb
I plan to stick around

Good Grief!

 

I have worked for 45 years in this business, so I know all about your talk of clinging onto old ways.  But this isn't a "clinging on to old ways" ... this is security.  The Rogers user name is one single database field for probably not more than 10 or 12 characters.  It's hardly a big deal.

You have missed the point.

My Rogers User Name is NOT known by anyone other than Rogers and me.  Changing my user name to my email address now means that anyone who knows of this Rogers change and my email address now know of half of my Rogers login credentials.  HOW ON EARTH is that more secure than the Rogers user name known by only Rogers and me?!?!?!?!

 

Sure

Topic Stats
  • 9 replies
  • 2355 views
  • 7 Likes
  • 4 in conversation