From my little bit of understanding, it's the program or application manufacturers that are moving to OAuth and that Rogers/Yahoo is just trying to keep up with the changes. I may be wrong but that was what was told to me.
It looks like a phishing message because the email includes a direct link which is normally a red flag. Paypal and banks always instruct users to log into their services and navigate to the appropriate location themselves.
Brian: That might be what Rogers/Yahoo says but programs such as Windows Live Mail are no longer supported by Microsoft. So it is highly unlikely that M$ is moving to OAuth on an unsupported product.
Rogers obviously does not want customer feedback This is a communication fiasco on their part - poorly communicatd, no timeframe given, confusing inf about SSL updates. They need tto reissue their communication with full information rather than leaving it to the customer to figure out. Apparently once all is done you can revert to whatever password you'd like.
Am I the only person who had the following probem trying to create an App Password?
After logging on to my Rogers webmail, when I click on my "Account Info", it takes me to the following "rogersmembercentre" webpage: https://rogersmembercentre.com/rmcapp/remc.html#/signin
This takes me to a Welcome page that states:
"A new and easy way to manage your Rogers email account. Please login with your @rogers.com or @nl.rogers.com email address and password." When I sign in on this Welcome page with my Rogers Email and Password, I get the message, "We are sorry but the system is not available"
Another change I found
Yahoo settings are no longer available for Rogers/Yahoo email
If you go to email settings, if you want to work with your primary and secondary accounts, you will need to click on your Name and then click on account info
Where it will take you to the new Rogers member page where you can work with your primary and secondary accounts. You can add or delete accounts from the Manage email accounts section.
Depending upon which one of your emails you logged into, you will be able to do a limited set of tasks under account information.
This includes changing your personal information (first and last name and language)
Change your password
Set alternate contact information (a second email say from Google or whatever), plus your phone number (should be a mobile as it is used to send you texts) and is critical for the "authorized passwords" for devices as you will may need to have verification messages sent to one or the other.
Clarification on SSL
In the earlier posts, it refers to a post from 2014 where it described how to set SSL on, although it uses the old pop.broadband.rogers.com and smtp.broadband.rogers.com and imap.broadband.rogers.com
and the related port numbers.
I am unsure why the posts from Rogers are talking about these, as the SSL has been required since 2014. There was an issue with expired security certificates earlier this year, that people had to deal with and the only place where this whole discussion comes into play is if you are setting up one of the "older" or unsuported email clients.
The requirement for the full user name as your email address email@example.com is also not new - Yahoo began requiring this earlier this year as well, as the same user name may exist with another provider using Yahoo services and so therefore, must have the domain address included.
Again, this is relevant only to new installs of email, and as far as I am aware, we all had to deal with these two issues earlier.
The PassKey Model
Interestingly, it seems that Rogers is using a slightly different verification process than if you set up a new yahoo account.
It looks more like a one time 2 stage authorization process, which probably is facilitating a one time setup of what has been described earlier as OAuth or Open Security authorization. There were risks in the early versions of scraping the masked password or passkey, but that is supposed to have been resolved in the latest version 2.
I funny one is what security experts are commenting about which is the new name for Yahoo and AOL, Oath, which they descirbe as a variation to the security protocal of OAuth, which they describe as laughable given the security holes that both companies have experienced. Probably not a great choice of name for people who are in the know. They continue to be a joke and their history persists with the new name chosen by Verizon.
Rogers has chosen to have their own web access, where you can neither turn off the PassKey or turn off or turn on 2 step authorization, so it would appear that there is no way but to do it the way they have presented it.
So yes, Rogers does have a roll in this design - they have chosen to taken a different approach than Yahoo.
Yahoo's use of the Pass Key sends an approval to another device, and it must be a cell phone (don't ask me what you would do if you don't have SMS - and before anyone says who doesn't, some people don't use text and wouldn't know what to do with it anyway - like my inlaws and others I know - they are just not interested. Thre cell phone is merely an emergency calling device).
But with the model from Yahoo, they will occasionally send you a new authorization for your to approve.
The details on how to handle the setup for olde email clients is at http://communityforums.rogers.com/t5/How-To-Videos-Knowledge-Articles/How-To-Updating-your-Rogers-Ya...
But important missing information:
For some products like Outlook 2013 and 2016, there is a box under the remember password named -
The yahoo model for setup requires the box “Require logon using Secure Password Authentication (SPA)” to be checked as that is what makes the authentication process work with their 3rd party authentatication server.
I wonder if Rogers has turned this off, although if it is, then they are only using what is really a two stage one time authorization with this password that is created in the member centre, not OAuth.
Could @RogersRoland please check on this requirement of the SPA box as Yahoo requires it in their implementation.
To complete, I will still say, this is yet another example of poor communication and implementation with Rogers technical changes related to security certifcates - this is not the first time we have run into security certificate issues with Rogers website applications and related protocols in the last couple of years - online home voicemail, and one number come to mind immediately, but there have been others.
In addition, I still say "why has Rogers stayed with yahoo for so long?" It is not trusted by the industry in general, and maybe it will be better with Verizon.
As a final note, this will all be relatively easy with modern phones and their account setups, as long as you use the automated set up for Yahoo.
This notice got rolled out too soon as the member centre didn't go live until today, and then required me to go through another learning curve.
And by the way, why when we were told months ago that POP would no longer work, did it work when I set it up on an old Pegasus email client (from about 2004)?
Just one more mystery of Yahoo, its security models and subsequently the impact on the providers like Rogers, and most importantly on us.
There is certainly going to be a learning curve for those that have stayed with their older email clients, and even newer ones like outlook 2016 which is not exactly old.
The model is primarily designed for using web mail with clients that have been designed for modern phones, with what seems to be workarounds for older clients.
Ahh well, the challenge goes on.
I will leave it to others to write up and test the new model once they turn it on - whenever that will be.
Oh, and I just got my email today - does look just like a phising email, that every major company no longer uses as a way to communicate. Why does Rogers continue to ignore its own advise around watching for phising.
Why not on MyRogers, or our bill, or a phone blitz, (although that may be perceived as phising too). Or why not Connected Rogers, or a pinned post on Facebook. Wonder if Twitter has posted this knowledge too?
Yes, definitely a communication mess for sure - common Rogers, get your act together, please.
BTW, anyone try clicking on the twitter, fb or other social media links on the original email - all dead links!
Think that we will all have to wait for this to roll out. Personally I think I would follow the steps provided. I have tested it on old software with the settings and the pass key and it worked but I was able to use regular password to.
This thing is such a mess I can't confidently explain any of this or even guess what is the best route until they turn it all on.
I wonder how well they have tested all this stuff. Testing has been a real sour point for me the last few years.
Will comment if I find any thing that clarifies all this.
Only outstanding question is the accuracy authorization second on outlook 2013 and 2016. I don't have either so can't test and we won't know for sure until someone tests and if not live may not matter.
Yahoo and Rogers. Ugh.
My suggestion. Set up a Google or Outlook account and forward your mail there and set return address and gradually get off Rogers email. Then eventually just shut the yahoo accounts down.
Have been trying to figure out how to update my Rogers/Yahoo password on the Android Outlook APP. Intruction say to sign into account, change password and then re-synch phone. Great, which new password? Instructions say one is needed for each device used to access Rogers/Yahoo mail to I've generated one for my PC and one fr my phone. NONE OF THIS MAKES ANY SENSE. I'm afraid of losing access to critical emails. Anyone have an answer???