Just as an FYI, I got an e-mail from Rogers when I started this thread several weeks ago on all my e-mail accounts. Recently I got a second e-mail on some of these accounts. (Rogers appears to spread out the times in my case over a period of days).
Today, we got a phone call regarding the issue. Unfortunately, my wife took the call, listened to some of it and then hung up thinking that I was already aware of the situation and was not interested in any more news on the topic, so I don't know the specific contents of that call.
Seems pretty difficult to avoid this in my case anyway. I have not yet made the changes since I'm letting this play out. I have learned from years of experience not to be the first in such cases.
Yes I got a call today. They gave a number to call for help 1-866-515-3047. Not sure if that's their standard tech support number (I have a different one but I've been using that for years). I called it quickly and there is indeed an intro msg and then a press 1 for help with this issue , press 2 for other. Don't have time now but will call them later and see if I can get my questions answered
I have 3 yahoo accounts. I received 3 emails. 2x now for each account. i am here but do not know what or how i am suppose to update my account. I could have sworn i did it already. now im sitting here saying wth.
One week later. I experimented. I followed the instructions and generated a password for my laptop that runs Outlook 2016 (POP3) . Entered it and it worked. My main PC running T'bird ( PoP3) also continued to work with the old password. So I tried that with the password I made last week and it didn't work. Generated a new T'bird password , entered it and it did work. I suspect these new passwords have a short life if they are not entered and used.
So I had already generated for my wife's machine, she also has T'bird (POP3) and her old password is still working. I bet the password I had generated won't work. Maybe next week I will generate and enter and see what happens. If it works then ok it is done but I still don't see the point.
Out of curiosity, previously in, say, Outlook did you
a) enter password every time
b) save password but change frequently
c) save and change infrequently
Also, did you have the same password for a given account on every client?
i suspect people answering a) or b) and 'yes' will have a fine old time under the new regime.
Just want to make sure that I understand.
My wife and I use Outlook Mac 2011 but with two separate identities. Mainly we use our iMac but we do use a MacBook Pro when travelling. We would need 4 App Passwords, Correct!?
Also we each have an iPhone and and iPad with account set up, so another 4 App Passwords??
And if, for what ever reason, I did have another email client we would need App Passwords for each account set up. Am I correct in these assumptions??
That is my understanding. I spoke to a CSR yesterday who was good at confirming what has to be done. He mentioned that there is a paste to clipboard option on the page to generate the passwords.
He was not able to answer any of my questions or comments as to how this will all work out in practice.
He did seem aware of the weaknesses in OAuth and thought that might be why Outlook was not using it. He suggested I could talk too Yahoo help centre.
He he thought cut over was imminent, maybe a week away.
So so I will probably go with the flow next week and see how it goes.
I don't relish the idea of moving off Rogers.
Thanks for the confirmation. This does not make a great deal of sense to,me as I/we will have to manage, perhaps, 16 password on all,the devices and clients. I guess that I should get started setting things up. Thanks again.
@RichardF Yes, the question I have had about OAuth is that Rogers has been using the term OAuth, which there are legitimate concerns about the security issues of the first 2 version of the security protocols. I would hope they have implemented OAuth 2 which is the most current and secure version to date and I would hope that they keep moving with the changes in that protocol as it becomes compromised over time. As with any security protocol model developed, the hackers are always one step ahead of them.
So the concerns are legitimate, but my experience is that Rogers has not always been up to date on security protocols, or their third party providers are not always up to date.
The challenge with the email clients is that they are not "baked" into the operating systems, which is providing the authentication by device, so it is just using a model of creating a reasonable unrepeatable or memorable password, requiring it on each device, and creates some kind of link to the software and device it sits on, so it mimics the OAuth.
And just a clarification on what I have learned - for those who are thinking that they can put the same passkey on every software/device, if implemented properly as Yahoo already has, it will not work - you will have to create a separate password from the Rogers member centre - it is a pain yes, but you only have to do it one time.
And for those talking about others seeing your email because the password is now saved. Put a lock password on your Windows, MAC, whaterver device, and if Windows, learn how to do user passwords and always log out when walking away - like corporate settings have done for over 15 years with outlook and Microsoft Exchange.
It is again, just a one time process to do it, and just search setting up secure individual outlook accounts, or setting up secure Windows users accounts. That is where your true security lies - unless you have password locked your .pst files in outlook, it was never secure anyway if you used POP and stored your email.
So yes, just do it as per the steps provided, and then you are ready.
Yes of course my various devices all have passwords (pin for iOS).
To be fair I can see the convenience of having passwords saved.
But I am nervous at losing control over the passwords, or more precisely the hassle of "changing passwords". I do that from time time and additionally whenever there is a concern.
I will now have 4 passwords per account to manage (and about 4 or 5 accounts including my wife's). Obviously I'm going to have all those those written down somewhere.
If OAuthxxx is so fantastic, why is Microsoft not incorporating that into Outlook?
Am am I right that the ideal model would be a password to authenticate the client / device to the server, and then one user controlled password per account (common to all clients)?
so 4 system generated hidden passwords, and 4 user defined passwords in my case. Not 16 generated passwords that in effect are my user passwords.