I got an e-mail on one of my e-mail accounts this morning. Interestingly I only got it on one of our accounts, not the other three accounts that my wife and I have.
At first I thought it was phishing, but it appears that people who use certain e-mail clients (like Outlook) will have to reconfigure those clients for a "new password" (app password). Webmail doesn't appear to require the change.
The e-mail states:
Important: You must update your Rogers email account settings.
Protecting your data is as important to us as it is to you. Rogers is making several security upgrades and implementing a new authentication system to further protect you and your data.
Rogers requires you to update your email settings to continue using your email account.
It only takes a few minutes of your time to ensure you have uninterrupted access to your email.
There is a link as follows indicating the people who need to do this, as well as instructions on how to do it:
Please excuse me if this is discussed elsewhere. I did try searching and didn't find a thread on this specific topic.
Thunderbird isn't specifically on the list of mail clients that need to update. I realize that they can't list all clients, but since I use it I assume lots of others do too [self-deprecation]. Anyone know if this applys to Thunderbird?
I don't understand how a randomly generated password from some app I'm supposed to trust is "updating my email account settings" other than getting me to use a password that I didn't select myself.
Exactly. Also, what happens if I want to use two different Clients on two different devices. Will one of them now not work? It seems Rogers is just pushing everyone to use other e-mail services.
I dont think its completely about 'diffuculty'.. moreso, to make it SECURE.
Often for a lot of services, to be able to make the most secure, etc.. as much as being something on the BACK end, its often something as simple as brute force/common passwords, or obtaining passwords through malware, etc.
To help prevent these sorts of intrustions.. there are often EXTRA steps that need to be taken to log in, SAFELY.
My google account, as well as many other services.. i have enabled 2 factor authentication. Requires as well as user name and password, a 6+ digit code that is on a device that only is/should be accessible by me.
Is it a pain, and takes extra steps/time to log in? Yup. But also ensures that the account is secure.
Even many major game companies like Blizzard offer the same things... the amount of time you ALWAYS see people complain about being HACKED, they always do NOT have 2 factor authentication on.
Can I opt out of this feature? I am happy with the way things are.
I have a cell phone on which I check my e-mail (leaving them on the server) and a desktop that uses Outlook where I download the messages.
How will this now work if I generate a password for the desktop using the Outlook flavor? Will my cellphone still be able to read the e-mail with this new password, even though it is not using Outlook?
There's an article on howtogeek.com about these app-specific passwords and how they are a band-aid solution at best and the security risks they pose. Not a great solution Rogers. Here's the link:
I really wish that Rogers could answer some really simple questions, or at least have their call centre tech help support Macs better than they are.
It's disappointing when the answer to a question is" "Oh, you need the Mac expert and they're not in now. Call back tomorrow between 9-3 and they might help you. *click*
So, here's the questions I'd like answers to:
1 - A correct way to fill in the fields for this new App code on Mac Mail for OS 10.12. Using their instructions as given, it does not work. Give a screenshot of a correctly filled in POP/IMAP page with examples. What is given on the page you're sent to by the email from Rogers is useless.
2 - What happens when the Mail program has more than one Rogers email account on it? What happens with the settings then? Do you need an App code for every email account in the mail program? Tried using one App code for all accounts and one for each separate account. Neither works.
3 - IOS use of the App code fails. In fact, using the Yahoo tab to try to make the email work fails. So it all has to be entered as "other" and then the same issues comes with the App code. Do we need one for every email account on a device or one for all of them?
There needs to be a far clearer explaination of how to make this work correctly than the vague page that's given.
So Rogers, how about providing really useful information online, that's easy to find and understand. Put it on the page where the App codes have to be created, that would be great too.
Give your call center staff some current information about iOS and OSX mail programs to pass on to customers so that we don't get frustrated.
In other words, rethink your customer service, even a little.
This is the wave of the future for security, unless you have biometrics coming next as it exists on some devices and computers.
Let's consider it like this - at one point in my life we locked our doors with a hook to keep the animals out. Never worried about people entering the house.
Then we saw locks on the door knob, or a key lock which happened to use a standard skeleton key.
Then we began to add deadbolts as well to make two locks and yes, two keys. Hotels moved to key cards to deal with lost keys that are recoded each time.
It is a minor inconvience of additional security.
The interesting thing though is saying this is a Rogers/Yahoo decision. Rogers has nothing to do with this. It was implemented by Yahoo and announced a few months back, and just being implemented fully now.
It is a minor inconvience - less than the 2 factor verification which I detest and have yet to turn it on as it is an option.
Then there is security for Rogers if you phone in - they still don't require a PIN number - you can still do the Name, birthdate, postal code which is not the most private information around. I can remember a few years back being one of probably many pushing at Rogers at the President's level about my concern for the weak security that they used and finally the PIN came in.
So I am glad to see that most email providers, and other logins are requiring higher levels of security to access. As they improve it, it will change again, as others find other ways to break through it. Kind of like my bike lock - If I use one kind, someone will have a device to break it, but if I use two completely different types, they require two tools to get in.
It is all for our protection and thanks for the clarification on how to deal with the change. We have been so absent of information from Rogers on the whole Yahoo security question, it is nice to see them stepping forward and letting us know and providing detailed directions, which probably means that the support CSR's can easily talk us through it if unsure.
How is this not spam/phishing? The email I received today came from: email@example.com
The link in the email is: http://email.rogers.com/a/hBZEjvmB7RUsMB9bf2BCW5Iod8z/emailen
Looks illegitimate to me!!!
It is a minor inconvience -
How does this work where I have multiple computers accessing the same POP account? lets say 2 or 3 with the the "leave messages on server" option... and the 4th "main" one removes the messages.
2 of the computers may be outlook, 1 is an iOS phone (or ipad) and 1 may be an adroid tablet using a POP "other".
First off, I have NOT received an e-mail regarding the update and imagine that I'm not alone.
I don't mind implementing new security measures but these instructions leave a lot to be desired,
So we have 5 computers, 4 email addresses, 4 different email clients. Is it one unique app password for each email client or one unique app password for each email address on each email client on each computer?
Am I changing 80 passwords or am I moving to a different email service.
Think someone from Rogers should clarify this to all Rogers clients, not every one reads this forum.