So my understanding is correct?

@IUseAMac and @CJ12 and others:

Clarifications to a few questions, that I did my own testing with.

1. You stated you clicked done before setting up the password on the windows Mail app.  I just tested this scenario and I set up my Windows Mail on Windows 10 and used the password that I used in Pegasus, Thunderbird, and Mail, and that same created password on the Rogers member page worked in all three.

I did try the last one by clicking done first, and it still worked, so I suspect it was something else in the settings in error. Although I did have it happen once, not sure why, I just deleted another one and redid the process, but my guess at this point is that you have to do the cut and paste process, then click done when your client is set up.

Could others report on their experience of clicking done or not and other times where it may have failed to accept the passcode.

Interesting note - this process claimes to be using a one time use password (or so they claim in Yahoo), but it worked on all three of my old clients using old non automatic Yahoo settings.  I did this in both Rogers and Yahoo using the same passkey created via yahoo for a yahoo account and via Rogers member page for rogers account and it worked across all apps - so it doesn't appear to be one time as long as you still have it available to you written down, copied and emailed to paste on other apps or computers or devices.

Although, what I am not sure about is the clicking of done.  That may then restrict to only the software you set it up before you clicked done, locking it out from future use on new ones.  I have not tested that.  I left it open and setup three software and it all worked on the same key.  This occurs on both Yahoo based or Rogers based emails.

As for putting multiple accounts on the same email app, you would have to set up the first account with the passkey by logging into the member centre for that email.  

When done, create a second account, create another passkey and enter it for the next email on your software client, and continue one by one for each secondary email you use.  The prinicple for this is that each secondary account theoretically is for different people possibly, and it provides them their ability to control access to their email and password, not the account holder.  It has always been that way.

As for OAuth - I can't say if this is version 2 or earlier, but I certainly hope that is the later for security reasons.  The way the process works on the older versions is the same now, it is just a higher level of protocol security with version 2.  And when setting up clients use normal authentication choice, or automatic (if available), not OAuth2.

It doesn't appear that OAuth is being used with the older software, it is just a randomized password created and recognized by the servers, and supposedly one time only.  It is important to lock your device to keep access to your email and other apps secure.

So in summary,  Rogers has provided a simplified interface for security and password creation for third party email clients, removed access to 2 stage authorization, the ability to turn off the passkey feature, or to accept non secure clients (which seems to still be active at this point with Rogers).

Once they get it nailed down, it appears that it will be fairly user friendly, secure, with limited options, but certainly has been poorly communicated, and when you include the concern we all have for anything Yahoo security related, it creates lack of trust and miscommunication.

Hope this dialogue is providing some clarity.  At the end of the day, the instructions provided tell us what we need to do,

Don't currently speak to how to deal with multiple email on one account, there seems to be some issues with timing of the button done and whether the passkeys are truly unique or can be used across multiple devices.

To be safe, I would create one for each device.  It also doesn't comment clearly that the delete function allows you to take that passkey out of service for a stolen or compromised device or software, or to decide to change them occassionally.

Again, hope this is helping.  I haven't yet reached a point where I could summarize this easily into the existing guidelines, but I think the original writes could review these with the people at Rogers and make the clarifications and modifications, and please let's get a drop dead date.

If you don't meet it, then just extend it.

Bruce 

You can reuse an App password associated to an email address on any number of email clients. I created one and reused on at least two different computers. Yeah, if one of those computers gets compromised, I could delete that one App password and now I would have to regenerate passwords to fix both of those computers. 

I use a password manager so a long password string is no big deal. I guess now you don't really need to track these App passwords - if you need to add an email client, just create a new App password for it.

Not to rain on anybody's parade but...all we know is that Rogers wants us to change the password now.

As people say that "this works" or "that works" that may not be the case.

Right now any password will work.

We won't know anything until Rogers actually impliments the new system.

Thank you, Bruce for the detailed reply.  One thing I forgot to mention, is that I have Live Mail set up to use a POP3 server.  Could this be part of the problem?  I have seen some comments suggesting that Rogers requires an IMAP setup, but when I originally set up Live Mail, the instructions from Rogers only referred to the POP3 setup.

I haven't had a chance to try this again (in fact, I have been reluctant, because I don't want to lose access to my email on my primary computer.)

But I will try it again, and report back with the results.

Another question, and please excuse my ignorance, but does it matter what sort of a name you use in the "Name your password field?"  It only says to use "the name of the mail client it’s for," but if I create a separate passkey for each of two devices (both using Live Mail) I expect I would just try something like Livemail1 and Livemail2.  I am curious what sort of names you used in your tests.

Like others, I wish Rogers would give some indication of when it will be necessary to make the changes.

Regards,

Jack

Clarification on use across multiple devices  The key is "one time only" when tested on Yahoo account.

When I tried to access the account I set up for testing today for the Yahoo account, I got a message indicating that I was attempting to access the email with a previously used one time only passcode password (never know what to call this thing).

It wouldn't let me in, and directed me to the account settings to set a new "one time" passkey.

So since the Rogers system is laying on top of the Yahoo email system, once activated, I  would suspect that the passkey will be one time only for setting up a single device.

There is actually a message in the Yahoo help on this topic that recommends using a third party password application to protect security of your email on these older models.

Note:  the message did say that you will be occasionally sent a request to change your passkey.  One more layer of security, but Rogers doesn't mention this one, so don't know if it applies.

We will all understand better once they finally activate the model.

Bruce

@CJ12  I used the name of my application and 1, 2, and what device I was on as I have many.

Don't think it matters.

I would suggest that people don't try to remember the passwords at all - but use user locking passwords, or third party password applications.  The intent of random passwords is to avoid creating things that people may figure out.

It is going to be a learning curve for sure.

Bruce

Thanks, Bruce.  Just curious if you had any thoughts on whether it matters if using POP3 or IMAP servers?

I didn't get a chance to try anything yesterday, but I hope to have the time to try it out today.

---

@CJ12 wrote:

Just curious if you had any thoughts on whether it matters if using POP3 or IMAP servers?

---

It shouldn't make any difference, as POP and IMAP are just different methods of retrieving mail.  However, as I understand it, Yahoo is deprecating POP and therefore not likely to use this with it.

@CJ12  I have everything on IMAP now since Yahoo reported that POP was deprecated at end of March.

But a clarification is needed.

I have been reading up on the POP issue with Yahoo mail on their help pages.  There are mixed messages going on there.

It appears that POP and IMAP are both active when from your email client, but older ones, you will need to set up passkeys, as Rogers is soon implementing.  

Where the POP issue comes into play (as I read it) is that you cannot import mail from another account using POP anymore example, if you wanted to have mail imported from a gmail account to Yahoo account.  POP is not available anymore for that purpose. You can still connect other accounts, but it will be an IMAP connection - probably to prevent malicious email on another server from being imported into Yahoo.

The regular POP settings still work for your email client on your computer, and the advantage for some people is that you have an archived set of all your email on your computer or storage devices - say if you want permanent copies after you move to another email server.

Confusing to say the least - there is a 12 page thread on it on the Yahoo help pages.

You can still import email from yahoo accounts to Gmail.

This is all related to Yahoo mail, not the Rogers version.

Rogers member page has added an account activity field, similiar to Yahoo accounts so you can see login activity, and you could delete access to a foreign device I would suspect.

So the Rogers Yahoo model is still a work in progress and again, we will see what comes when it gets turned on.

Bruce

Best call in.  Not sure that Rogers officially monitors this forum.  I think some tech ppl live here unofficially but not sure they'd be able to call you.    If you are successful in reaching someone who is actually involved, as oppposed to a random CSR, do pls post what you learn.  

I had some interesting experiences on the account page today.  My plan was to create a dummy account for testing the Outlook side of things.  First issue was that I'm already at max 9 (incl some old accounts).  So I started looking at the old accounts with a view to reusing or replacing for the test.  A couple I could access just fine.  

But one, when I attempt to login takes me to the change password page, without saying why.  Once I got past an almost illegible capcha etc and a little bit of fun as to what was an accepible password (as a low priority low security account I started with one of my simple passwords - too simple however), I was rewarded with a screen saying "password cannot be changed at this time"!!  So I was stuck. Will try again tomorrow.   No obvious difference from the accounts I could access.  Created around the same time in the same way.  Fairly  inactive  for at least a year and some spam trickling in.  

---

@BS wrote:
The regular POP settings still work for your email client on your computer, and the advantage for some people is that you have an archived set of all your email on your computer or storage devices - say if you want permanent copies after you move to another email server.

 

 

---

You can have permanent copies with IMAP to.  Just configure your email client to download the messages, instead of just leaving them on the server.

Just for your info.

If you create an app password on a single account for Outlook on Windows, it will work for different computers, even in different households.  We have tried it; both computers using Outlook with POP3.

You do not need a different app password for "each" computer.

I apologize if this has already been answered.... long thread.

---

@ColdGranite wrote:

Just for your info.

 

If you create an app password on a single account for Outlook on Windows, it will work for different computers, even in different households.  We have tried it; both computers using Outlook with POP3.

 

You do not need a different app password for "each" computer.

 

I apologize if this has already been answered.... long thread.

 

 

 

 

 

---

I suspect one reason for having separate passwords is so that if a device is lost or stolen, you can block email access from it.

---

@JKnott wrote:

---

@ColdGranite wrote:

Just for your info.

 

If you create an app password on a single account for Outlook on Windows, it will work for different computers, even in different households.  We have tried it; both computers using Outlook with POP3.

 

You do not need a different app password for "each" computer.

 

I apologize if this has already been answered.... long thread.

 

 

 

 

 

---

 

I suspect one reason for having separate passwords is so that if a device is lost or stolen, you can block email access from it.

 

---

Yes, that would be nice, but I don't know if it is even possible?

Once you create an app-password "for Outlook on Windows" does not that mean that it would have to be for ALL your outlook clients on ALL your windows machines (for that one email account, if they all access the same email account).

If I "create a new app-password", that will have to be installed in ALL those clients...???