You must update your Rogers email account settings

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I Plan to Stick Around
Posts: 97

Re: You must update your Rogers email account settings

I do not understand the concept Yahoo is using. If the app password was unique to (1) the machine plus (2) the email client plus (3) the email account then I could see improved security.

 

But if it as stated by Rogers the app password is only unique to (1) the client plus (2) the account then I'm not sure what has been accomplished. Yes, it enforces stronger passwords beyond that I'm not sure.

 

It isn't a giant step upwards but it is sure to generate both concern and confusion for a large number of account users.

 

I have a password manager, I use randomly generated passwords of letters, numbers, symbols at least 12 characters and also change my passwords on a regular schedule. I don't share passwords with other accounts/sites. Most importantly I don't use Rogers/Yahoo email for any sensitive communications. 

 

 

Highlighted
I Plan to Stick Around
Posts: 21

Re: You must update your Rogers email account settings


@ti3 wrote:

There's an article on howtogeek.com about these app-specific passwords and how they are a band-aid solution at best and the security risks they pose.  Not a great solution Rogers.  Here's the link:

https://www.howtogeek.com/199804/warning-your-%E2%80%9Capplication-specific-passwords%E2%80%9D-aren%...


Yes...

The biggie that I see is where somebody catches your personal password.  

 

Right now, if my password is captured by somebody, I change the password and move on.  

Under the new scenario, if my password is captured by somebody, they can log on and create an app password for themselves.  Now, not only do I have to change my personal password, but I must also revoke a rogue app password.

 

Am I right?

Highlighted
I'm Here A Lot
Posts: 6

Re: You must update your Rogers email account settings

I inquired with Rogers about when the personal password would cease to work with email clients and when we would HAVE to switch to using App passwords.

 

This is what I got in response:

 

There hasn't been a final date set out. 

 

If there is one in the future, it will be communicated in email but for now, there is no hard date set. 

Highlighted
I Plan to Stick Around
Posts: 97

Re: You must update your Rogers email account settings

Yes, I agree you keep your original password and use it to log into Rogers/Yahoo portal, your Rogers account and your webmail. Once that password is compromised then like you I assume that your app passwords can be compromised.

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

So somewhere down the road on some unknown date, people who are unaware of this change, or can't figure it out will be scurring to deal with it.

 

I had concluded it wasn't in place yet because out of curiousity I went to a real old school email client - Pegasus - and was able to set up both POP and IMAP

 

And I agree, about the only thing this creates is a strong password from what I can tell, unless, it is also registering the app or device with the server and does things like a new access to Google does where it says you have logged onto a new device or app, Outlook online does this too, Facebook as well, and all those three also use 2 level authorization if you choose to.

 

It appears that the Yahoo current model permits for 2 level authorization, and the ability to opt out of all of this model if desired, so why oh why are they going down their own direction.  Any of us can create strong random passwords from the Internet, or with password programs.  I don't get it.

 

I see nothing stronger in security here, except for maybe providing some unspoken device detection, and strong passwords.  And forget about ever setting it to not remember password using this model, so given this, they should also be strongly advising us to put lock codes on our devices.  Some of these older apps allow you to show the password, so some who picks your device up while still unlocked, could just go in and grab the password.

 

Shake my head one more time.

 

So back to moving all my wife's email contacts from Yahoo and completing my own and saying bye bye to this insanity.

Brue

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

In my continued playing with this silliness.

 

I created a passkey, put it into my IMAP and it worked.

 

I then changed it back to my original password - it worked.

 

So guess mostly likely the information that at some point, it will just stop accepting old apps without the device app will happen.

 

Better have a lot of support on that day and days afterwards.

 

I did confirm though that although I could still receive POP on Pegasus, it wouldn't send smtp on the account. Go figure.

 

I think I am done with this testing

 

Appears that at the moment, it makes no difference whether we use the pass key or not.

Somewhere down the line we will probably be forced to.  That is when the fun will begin for real for many people.

 

I have never received an email about this, yet it seems some have - wonder how they plan to notify everybody?

 

As I mentioned, I will continue to get everything off yahoo rogers email, shut them all down and not worry about this.  I have nothing more to say on this one.  I will watch what people learn.  It is not an issue really for me, since my current apps are on the list of ok ones, and on PC, I go to my web mail generally, I will probably not be effected, just like to test changes so I can possibly help, but this one is really beyond me and I will see what happens when they fully implement.  I use my Mail for Windows 10 from the windows store to archive copies of important email on my computer and its backup system.

 

Good luck everyone and let us know how it goes.

 

Could a moderator please check with Rogers staff and confirm that this is delayed, adjust the blog post to reflect what the answer may be.

 

Bruce

Highlighted
I Plan to Stick Around
Posts: 10

Re: You must update your Rogers email account settings

This process was very poorly communicated.  

Highlighted
I Plan to Stick Around
Posts: 14

Re: You must update your Rogers email account settings

This is going to be a disaster.  Most people cannot identify what email client they use.  A significant number of those don't even know they have an email password, let alone what it is. Someone set it up for them years ago, it's always worked, and they have no clue about anything.

 

And Rogers bright idea is to send a sketchy-looking email expecting people to do this on their own?

 

Poorly done, Rogers. Poorly done.

 

Just dump Yahoo and move us to Microsoft already.

Highlighted
I've Been Here Awhile
Posts: 4

Re: You must update your Rogers email account settings


@57 wrote:

@BroSat wrote:

1. How is this not spam/phishing? The email I received today came from: rogers@email.rogers.com

 

2. The link in the email is: http://email.rogers.com/a/hBZEjvmB7RUsMB9bf2BCW5Iod8z/emailen

Looks illegitimate to me!!!


1. I get legitimate e-mails from this address at Rogers all the time regarding changes to my account - like changes to cable packages, cellphone offers, etc.

 

2. The link is different for everyone, however, it takes you to the following legitimate Rogers Support Page:

 

http://www.rogers.com/web/support/internet/email/442

 

The other links in the e-mail regarding MyRogers, Support and Community Forums are also legit. 

 

When you click on one of the (blue) links (like Member Centre or Webmail) in the support page with all the instructions, it takes you to an https (secure) connection.

 

3. My wife got her notice this morning and some other people have reported receiving similar notices. It looks like this is being rolled out slowly.  I haven't bothered to make the recommended changes yet to see where this thread goes first.  If you haven't received the e-mail and may be affected, you may wish to check your spam folder on your e-mail client or the spam folder in webmail in case it's there.

 

The support page explains who will be affected and not everyone is.



Thanks! I realize now that it is legit after going to rogers.com/email and seeing all the posts. I'm just extremely suspicious and never click on links I'm not sure about.

Highlighted
Resident Expert
Resident Expert
Posts: 3,624

Re: You must update your Rogers email account settings


@BroSat wrote:

Thanks! I realize now that it is legit after going to rogers.com/email and seeing all the posts. I'm just extremely suspicious and never click on links I'm not sure about.


And that is a good policy. I was suspicious like you as evidenced by the phishing comment in post 1 of this thread, but I did further research as you did.