08-20-2021 03:00 PM - last edited on 08-20-2021 03:44 PM by RogersCorey
I just had an email that said it was from Rogers that originated from a system in California with a scan of validity somewhere from Germany. My suspicions were high!
The gist of the email was that my Rogers assigned account name should be changed to my email address "for security reasons". Sure looked like the beginning of a phishing email!
Turned out to be true considering I was asked to change it to my email address when logging into my account today. I refused.
I have one VERY SIMPLE QUESTION.
HOW can it be more secure for me to use my email address as my account name? LOTS of people know my email address including spammers and scammers ... IF I do this, anyone who knows that Rogers now has this policy doesn't have to guess my account name ... all they have to do is guess the password.
This is anything BUT more secure!!!!
If you asked me to change my account name to something OTHER than my email address, that would make a LOT more sense.
A typical Rogers account name might be jonesy146 now ... but you want him to change it to JimJones@rogers.invalid.com for example. But Jimmy boy there uses his mail address a lot so lots of people know it. So all the scammers have to do is guess his password.
That's not more secure ... it's LESS secure.
Please rethink this nonsense!
08-21-2021 09:02 AM
Thanks for your post and we hope you've been doing well! 🙂
I can certainly understand your concern as safety and security is top priority for us at Rogers. One of the main reasons why we ask our customers to change their Username to an email address (preferably the same one you used to sign up with for simplicity) is because we also use that same email address info to authenticate your MyRogers online account. For example, if you were to forget your Username or Password, we would send a verification code to that same email address to help identify you.
Also, we have run into instances of customers forgetting their usernames if they do not use their online account on a regular basis, so this just makes logging into your MyRogers account easier.
My recommendation would be to focus more on the password that you choose to secure your account with. The stronger the password, the more secure your account will be. Here are some tips that I hope you and others will find helpful!
Creating a Strong Password:
As always, we really appreciate your feedback and we thank you for making this community a nice place to be! 🙂
08-21-2021 09:23 AM - edited 08-21-2021 09:27 AM
Just to point out, there was a time, maybe 5 years ago or so, when this policy was enacted. Prior to that time, the main account password was separate from the forum password and possibly from other Rogers services. I think @stuartb is correct, the enforced use of an email address is less secure, given the millions of email addresses that have been stolen from various companies, where those companies haven't admitted to being hacked. A simple search within those databases would turn up any @rogers.com addresses for example, easily identifying any Rogers customers who of course are forced to use their email addresses for account and other services. The other issue is having to provide your family with the account email and password to use online tv services, which also gives them access to the main account. Who ever thought that was a good idea? This forces customers to think about setting up yet another email address at another provider, simply for the use of Rogers services.
If Rogers is going to enforce the use of email addresses, just to make it easy for Rogers to use a single address, then the default security procedures should also include enforced use of account Pins, selected at the same time as the email address is selected or enforced, and default account lockouts on all third party services to prevent fraud, such as the nefarious Netflix fraud that seems endemic to Rogers customers. Those procedures should also include Two Factor Authentication.
So, if security is indeed a top priority at Rogers, then Rogers should be looking at separating the main account password from everything else and strictly enforce the other security procedures to prevent fraud. Customers shouldn't have to find out after they've been subjected to a fraud incident that lockouts for third party billing for example are available, if you ask for them. They should be enabled as a default account setting.
08-21-2021 09:39 AM
Hey @Datalink !
Thanks for the invaluable input!
I can definitely appreciate what you are saying. We are always looking for ways to make things better for our customers. Hopefully, we'll see further improvements in the near future!! 🙂
08-21-2021 11:05 AM
08-21-2021 11:15 AM - edited 08-21-2021 11:18 AM
08-21-2021 11:28 AM
Oh but they do ... my connection rejection log is a perfect example of that ... they go in batches to avoid suspicion but they do cycle through passwords.
Then the idea that an email address is more secure is nonsense. If I were to change my username to that, then that's half my account login credentials available to ID theft. I only use my Rogers account name for Rogers. My email address is not used for anything for money if possible. There is no real need for this change.
08-22-2021 08:44 AM
08-22-2021 08:47 AM
08-24-2021 11:00 PM
I have worked for 45 years in this business, so I know all about your talk of clinging onto old ways. But this isn't a "clinging on to old ways" ... this is security. The Rogers user name is one single database field for probably not more than 10 or 12 characters. It's hardly a big deal.
You have missed the point.
My Rogers User Name is NOT known by anyone other than Rogers and me. Changing my user name to my email address now means that anyone who knows of this Rogers change and my email address now know of half of my Rogers login credentials. HOW ON EARTH is that more secure than the Rogers user name known by only Rogers and me?!?!?!?!