cancel
Showing results for 
Search instead for 
Did you mean: 

You must update your Rogers email account settings

57
Resident Expert
Resident Expert

I got an e-mail on one of my e-mail accounts this morning. Interestingly I only got it on one of our accounts, not the other three accounts that my wife and I have.

 

At first I thought it was phishing, but it appears that people who use certain e-mail clients (like Outlook) will have to reconfigure those clients for a "new password" (app password).  Webmail  doesn't appear to require the change. 

 

The e-mail states:

 

Important: You must update your Rogers email account settings.
 
Protecting your data is as important to us as it is to you. Rogers is making several security upgrades and implementing a new authentication system to further protect you and your data.
 
Rogers requires you to update your email settings to continue using your email account.
 
It only takes a few minutes of your time to ensure you have uninterrupted access to your email.

 

There is a link as follows indicating the people who need to do this, as well as instructions on how to do it:

 

http://www.rogers.com/web/support/internet/email/442

 

Please excuse me if this is discussed elsewhere. I did try searching and didn't find a thread on this specific topic.

 

***EDITED LABELS***

326 REPLIES 326

Re: You must update your Rogers email account settings

RichardF
I plan to stick around

(Long reply, sorry, but there's a lot to say)

 

In summary, this seems to be quite a major change that is being foisted on us, without warning.  Considerable extra inconvenience for quite possibly less security than at present.  I have seen web discussions that suggest OAth has security vulnerabilities.

The web page that Rogers has put up is both confusing and ambiguous / incomplete, and I consider myself to have pretty good comfort level with technology.

 

In fairness. It seems Yahoo DOES have a problem of some sort.  My bank recently refused to email  a confirmation code for an unusually large transaction as I have a Yahoo mail account.  (It seems other types of email would have been fine, in my case I just switched to SMS, which doesn't strike me as overly secure either but thats what they seemed to like),

 

However, I'm not sure this is the solution.  I am QUITE sure this web page does not make the case, or make it clear who has to do what.

 

And not cut off dates are given.

 

....

 

I'll cover the detail in the same sequence as Rogers' web page 

 

Intro

They do not say exactly what is wrong with current username / password protocol?  If that's good enough for banking (regular transactions), it's good enough for email, surely?
Skipping ahead, this smells like a plot to discourage use of clients like Outlook.
I'm also concerned about impaired security, given the use of OAuth.  Here's one post but I have seen others n similar vein

https://en.m.wikipedia.org/wiki/OAuth

 

"Who doesn’t need to update their settings?"

How do I know if I used automatic Yahoo mail set up? (On iOS in my case). This was set up years ago and have absolutely no idea.

 

Who needs to update their settings?

Suggests I need to update as I use Outlook. Ok.

Not clear about use of POP or IMAP.  

I have IMAP accounts, and use Outlook, iOS, and web (Firefox) clients.

What about IMAP account accessed through web client?

So I'm going to have different passwords for the same email account on different clients? This is terrible.  I suppose I can switch the web client password to match the app password but that will be highly cumbersome.

[While I do have separate passwords each critical app or financial account, and then for various different categories of application or web sites, I do not see the need for this.  Especially as these "app passwords" are not under my control an so will not fit my password scheme]

 

What’s an “App Password” and why do I need it?

Random passwords are hard to remember. So now I have to write it down? That breaks rule 1.
And if I should want to change the password (which I would do periodically or if there is evidence of compromise of the providers' servers), can I do that?

 

How do I update my settings to use the App Password? [Outlook]

What I don't want to have my password remembered?

 

.....

 

Wrapping up.. this has come out of blue (to me anyway) with no introduction, discussion etc.   Unfortunately I'm somewhat captive as I have little appetite for changing email provider.  But surely we deserve a better roll-out than this.

 

 

 

 

 

 

 

 

 

Re: You must update your Rogers email account settings

BS
I'm a senior advisor

And to make things even more odd - I once had thunderbird set up on my laptop, so out of curiousity, I reinstalled it.

 

Pulled the email back from Yahoo with no issues and sent a new one with no issue.

 

And this client is sitting on a pop server setting, not IMAP.  Thought they were dropping POP due to security a few months back.

 

I was somewhat surprised, but not - nothing about the security problems related to Yahoo have been managed well by them, or by Rogers.  Go figure.

 

I will start with some positives - the access to Rogers Yahoo email layout is actually user friendly after how many years?  Good step.

 

Took a look at the creating a user password, which I didn't need for access to my thunderbird set-up - maybe it will only come into play on new registering of apps.

 

I saw that it creates a random set of letters 16 characters long - they tell you to put it into your application.

 

Obviously, this will not be possible to remember for any normal person - 7 characters is the max for most normal people - that is the reason for phone numbers that length, and drivers licenses, and breaking them up into 3 and 4 character fields.

 

So, we will end up putting them into our email clients, which them does not require the use of entry of the password on each entry, thereby bypassing any security if your computer is open.

 

This method is ludicrous and a real mediocre attempt at building higher level security.  The reality of human beings is that we will bypass it, and if we are hacked, then it will be our responsibility.

 

Even 2 stage authentatication is better than this insane method.  But, there are instructions on how to bypass all this sillyness - you can use two stage authentatication, or you can just go back to a regular password method.

 

https://help.yahoo.com/kb/SLN25921.html

 

Good luck and let us know everyone what you learn about working with this new method and what works best for you.

 

Bruce

Re: You must update your Rogers email account settings

BS
I'm a senior advisor

The more I read through this, and try things out myself, the more I see yet another poor implementation of application and server interfaces.  Add it to the legacy of voicemail access for home phone - security certificates and protocols last year, One number incompatability with new protocols, poor implementation of My Rogers, removing important features, poor layout originally on multiple browsers, and Navigatr, and its related Anyplace TV apps, etc.

 

I have come to the conclusion that Rogers is not able to implement anything without making it difficult, unworkable, poorly supported, or foisting it on us without adequate support in place and adequate testing.

 

So keep us up to date - Unlike the major competitor who has been with Microsoft email from day one, although there has been the occassional struggle as they changed Windows clients, but that was no different for any email server - Microsoft provided services whether it be email, or IPTV has proven to far exceed anything Rogers has tried to do.

 

Just my opinion.

 

Now let's hope they get the support in place so that people can seemlessly, and by the way, switchovers should be designed to be pretty much seemless.  It is not our fault if Yahoo and Rogers have made no changes to their email server models and interface with applications in over a decade at least, other than implementing IMAP.

 

It is not wonder they got hacked.

 

Add this to the list of things why I am not staying with Rogers - I used to always say that inspite of their strange pricing policies, inconsistent customer support, and frequent billing and set errors that took months to correct at times, at least the technology was stable and predictable.  I don't tell people that anymore, I say shop around and find the product design that you are most comofortable with, quality, online support, and callin support, and thought into how to support us through these changes.

 

Bruce

Re: You must update your Rogers email account settings

mrbrimi
I plan to stick around

Still haven't received any info, email or otherwise about this change.

 

Why can't I find info about this elsewhere?

 

I just did a search and the only place this story shows up is in this forum and one post eleswhere by the OP.

 

Surely if Yahoo & Rogers are serious about improving security they would be making a better effort to COMMUNICATE with their clients.

Re: You must update your Rogers email account settings

RichardF
I plan to stick around
Wondering if this mess originates with Yahoo or Rogers. Any one have experience with non Rogers Yahoo accounts?
I'm still gob smacked at how the average user will cope with this.
I wonder what sort of responses / feedback their call centers are getting.

At least one of my accounts is heavily dependant on Outlook.

Re: You must update your Rogers email account settings

RichardF
I plan to stick around

Another thing that bothers me is 2 step authentication.   I often dont have my phone on me (its large so tends to sit on a table somewhere not in my pocket) so Im not sure what happens in that case.

 

Could someone please summarise what are the issues with username / password, assuming that the passwords are being well managed?

If the problem is people who do not have well managed passwords, maybe there are better ways to encourage better password management?

Re: You must update your Rogers email account settings


@RichardF wrote:

Another thing that bothers me is 2 step authentication.   I often dont have my phone on me (its large so tends to sit on a table somewhere not in my pocket) so Im not sure what happens in that case.

 

Could someone please summarise what are the issues with username / password, assuming that the passwords are being well managed?

If the problem is people who do not have well managed passwords, maybe there are better ways to encourage better password management?


 

A good, strong, password is important.  Is the first step.

But a lot can depend on the other side.
If the side that the password is being entered into, doesnt have the right failsafes put in place to help stop other methods.
If a site doesnt have something as simple as not allowing X many attempts in a row or X many in a period of time..  A brute force password cracker may still get though some eventually over time.

Another big and most major thing, is KEYLOGERS.
Virus's are very oldschool now.. the bigger things are MALWARE and similar things.  These include keylogers.  Sometimes as simple as visiting a bad site, installs the keyloger in the background of your PC, which monitors key input.

Entering your username & password one time.. can be enough for them to now have it.

Using two factor authentication takes something out of their hands.
Sure they could keylog the code when you enter it at whatever time.. but that code is only good for usually 60-120 seconds.  They would have to receive the code and use imediately within that timeframe to actually use it.

Re: You must update your Rogers email account settings

timlocke
I plan to stick around

I just took a look at the settings of Gmail.   Looks as if I can set up to export all Rogers mail to Gmail and then see it on my various devices  ( 3 PCs, Iphone,Ipad) as I wish. 

 

The whole things looks like a real pain.

Re: You must update your Rogers email account settings

57
Resident Expert
Resident Expert

@BroSat wrote:

1. How is this not spam/phishing? The email I received today came from: rogers@email.rogers.com

 

2. The link in the email is: http://email.rogers.com/a/hBZEjvmB7RUsMB9bf2BCW5Iod8z/emailen

Looks illegitimate to me!!!


1. I get legitimate e-mails from this address at Rogers all the time regarding changes to my account - like changes to cable packages, cellphone offers, etc.

 

2. The link is different for everyone, however, it takes you to the following legitimate Rogers Support Page:

 

http://www.rogers.com/web/support/internet/email/442

 

The other links in the e-mail regarding MyRogers, Support and Community Forums are also legit. 

 

When you click on one of the (blue) links (like Member Centre or Webmail) in the support page with all the instructions, it takes you to an https (secure) connection.

 

3. My wife got her notice this morning and some other people have reported receiving similar notices. It looks like this is being rolled out slowly.  I haven't bothered to make the recommended changes yet to see where this thread goes first.  If you haven't received the e-mail and may be affected, you may wish to check your spam folder on your e-mail client or the spam folder in webmail in case it's there.

 

The support page explains who will be affected and not everyone is.

Re: You must update your Rogers email account settings

dms666cdn
I'm here a lot

I sent a Twitter message to @RogersHelps on how to implement this new App Password with multiple accounts, on multiple devices, with multiple software clients/apps.

 

They eventually got around to answering my question with this response (my emphasis added):

 

 

Sorry that you didn't find that helpful. I've looked into it for you and you just need to reset the password 1 time per email then enter that new password on each device that asks for the new password. Does that help clarify? 

Re: You must update your Rogers email account settings

AnneSimcoe
I plan to stick around

I have gried several times to generate a web password by following the directions provided  However, each time when I got to my account page and re-entered my email address and password, I got the following message:  "!We are sorry but the system is not available."

Re: You must update your Rogers email account settings

ColdGranite
I'm a senior contributor

@AnneSimcoe wrote:

I have gried several times to generate a web password by following the directions provided  However, each time when I got to my account page and re-entered my email address and password, I got the following message:  "!We are sorry but the system is not available."


That wouldn't be because it's been hacked, would it? Smiley Very Happy

Re: You must update your Rogers email account settings

mrbrimi
I plan to stick around

I'm still confused. I keep my original password for webmail and to access my Rogers email account settings.

 

My wife uses Windows Live Mail on TWO different computers. If she gets an app password for Windows Live Mail does that cover BOTH computers or does she require a separate app password for each?

 

In my case I have a desktop using Outlook, an Android tablet using Outlook Mobile app and two tablets using Windows 10 Mail app. I have more than one email account .

 

It appears that for each email account I need one app password for Outlook (Windows) and that I do nothing for Outlook (Android).

 

Same question about Windows 10 Mail as Windows Live Mail - is that one app password or one per machine?

 

UPDATE

 

Called the number given in the email for help. The tech couldn't help and transferred my call.

 

The next tech said I shouldn't worry about it until I had trouble with my email. He couldn't answer my questions and transferred my call.

 

Got the automated message and am now waiting for a call back.

 

Got dropped during the call back.

 

So called back. As I understand it (1) changes must be made within 30 days (2) it is one app password per email account per email client. So same password on Windows Live mail regardless of how many machines.

Re: You must update your Rogers email account settings

RichardF
I plan to stick around

Thats a REALLY intertesting response.   I guess they assume one never needs immediate access to email for critical msg(s)?

 

What is even more interesting is that the CSRs dont have scripts for this.

Rogers MANAGEMENT of tech issues (aside from the actual tech skills) has always been appaling.

You'd really think that a major change like this with its potential to annoy or inconvenience a lot of people would have been carefule stage managed.

Re: You must update your Rogers email account settings

AnneSimcoe
I plan to stick around

I don't think I have been hacked.  I am able to log in to see my emails, no problem. But when I click on my  "Account Info", it takes me to the following "rogersmembercentre" webpage: https://rogersmembercentre.com/rmcapp/remc.html#/signin

 

This takes me to a Welcome page that states:  

"A new and easy way to manage your Rogers email account.  Please login with your @rogers.com or @nl.rogers.com email address and password."

 

When I sign in on this Welcome page with my Rogers Email and Password, that is when I get the message, "We are sorry but the system is not available"  Has anyone else had this problem?  I am hoping that Rogers will review this issue and correct it.

Re: You must update your Rogers email account settings

BS
I'm a senior advisor

I think this one is going to be a confusing one for many of us.  It would appear that current apps, like:

 

  • Mail on iPhones and iPads running iOS 9.0 and above
  • Mail on macOS 10.11/El Capitan and above
  • Users of the Gmail client on Android phones and tablets running Lollipop/5.0 or newer
  • Users of the Outlook Mobile app
  • Users of the Yahoo! Mail app

On my current computers, I have also found that Microsoft Store version of Mail on Windows 10 if you set it up for Yahoo Mail configuration, worked fine, as well as the new version of Thunderbird which also gives the ability to set up without the app key.

 

My Q10 also had no issues again using Yahoo setup.

 

So guess if your app has the ability to set up with yahoo setup, it must be accepting the app.

 

I may dig out an old version of MS outlook which I don't have installed with my office, because I do everything via web mail.

 

So, it seems like there may be some who will run into issues - I can just imagine my father-in-law when his old Outlook setup fails, if it does, I will get a call and I will be saying, sorry dad, I don't have a clue - call tech support and have them walk you through it.  Grumble, grumble, swear.

 

Hope he has success.

 

Keep reporting your success and failures with going forward with this issue.  And I suspect we will not be able to get a consistent answer here on the forums until some of who test things can figure it out, and the exceptions to the posted information currently provided gets worked out.

 

I also do ask why this isn't high profile on the MyRogers page - yes it appears that some will get an email or notice, but why not keep it high profile in the logical places we go.

 

Bruce

Bruce

 

P.S.  and Rogers should be careful on this one - there are many out there, including myself that the only thing keeping us with Rogers is that we have had the email for decades and are reluctant to give it up.

 

Make it too difficult for those who have been happily just communicating and haven't touched our setups and it may be the last straw for us to leave.  

 

Except to change to IMAP, deal with the recent concerns for Yahoo hacks, the certificate issues, and now this - before that, all I ever did was reset up things when I upgraded computers or software, and they even had an online tool for a long time that set it up for us.

 

Surprised the competitor hasn't come out and started to advertise, we have reliable and easy to use email with Microsoft, easily accessable via any email client, their own products, or on any device out there.

 

We will have to see how this all goes, but it isn't looking pretty at the moment.

 

I will keep testing and try to find out a clear answer based upon my collection of apps, old and new.

 

Bruce

 

Re: You must update your Rogers email account settings

RichardF
I plan to stick around

If they make it high profile that will only increase the call volumes...

Re: You must update your Rogers email account settings

mrbrimi
I plan to stick around

Bruce: I'm not sure if you should take comfort in that your accounts are working today. The question is whether they will work 30 days from now when the changes go into effect. I was told that we had 30 days to make the changes after that time we won't be able to access our mail.

Re: You must update your Rogers email account settings

BS
I'm a senior advisor

@mrbrimi  Thanks for that update - I was wondering if there was a drop dead date - someone had asked earlier, but until you brought it forward there had been silence.

 

You know that deafening silence, we so often get from Rogers.  Just my opinion based upon the last few years of service that changes are ofen not reported well, or if at all, and support is often poorly implemented, and we often have to figure it out on our own, bit by bit.

 

So I revise everything I said about my apps - to be determined depending upon whether they keep working after the suggested 30 days.

 

And even though I can lock all my devices, I also secure my communications, using a strict regular change password design that is manageable, and very unlikely that anyone could ever figure out the original base, let alone how I choose to modify it every month.  I don't want to permentaly set in a saved password to my email.

 

That completely defeats security.  Uggh - Yahoo and Rogers (what a pair).

 

Bruce

Re: You must update your Rogers email account settings

mrbrimi
I plan to stick around

I do not understand the concept Yahoo is using. If the app password was unique to (1) the machine plus (2) the email client plus (3) the email account then I could see improved security.

 

But if it as stated by Rogers the app password is only unique to (1) the client plus (2) the account then I'm not sure what has been accomplished. Yes, it enforces stronger passwords beyond that I'm not sure.

 

It isn't a giant step upwards but it is sure to generate both concern and confusion for a large number of account users.

 

I have a password manager, I use randomly generated passwords of letters, numbers, symbols at least 12 characters and also change my passwords on a regular schedule. I don't share passwords with other accounts/sites. Most importantly I don't use Rogers/Yahoo email for any sensitive communications. 

 

 

Re: You must update your Rogers email account settings

ColdGranite
I'm a senior contributor

@ti3 wrote:

There's an article on howtogeek.com about these app-specific passwords and how they are a band-aid solution at best and the security risks they pose.  Not a great solution Rogers.  Here's the link:

https://www.howtogeek.com/199804/warning-your-%E2%80%9Capplication-specific-passwords%E2%80%9D-aren%...


Yes...

The biggie that I see is where somebody catches your personal password.  

 

Right now, if my password is captured by somebody, I change the password and move on.  

Under the new scenario, if my password is captured by somebody, they can log on and create an app password for themselves.  Now, not only do I have to change my personal password, but I must also revoke a rogue app password.

 

Am I right?