With help from tech support updated my Outlook 2007 on PC with new generated password - worked fine.  Then, without warning the Outlook Mobile App on my Galaxy 6 started asking for a password.  Neither my original password, the generated password for my PC or the generated password for the Mobile App worked.  (Instructions clearly say no chane needed for Outlook Mobile App as part of this process.)

Call tech support and neded to be escalated to 2nd tier where Kav spent 88 minutes with me.  We could not get Oulook Mobile to let me log in.  Set up Yahoo Mobile App, reset passwords and ultimately ended up right back with my original password on both PC and phone and botth worked but Yahoo App is full of annoying ads.

Just for laughs I reinstalled Outlook Mobile and it works perfectly with my (reset) original password.

Total time spent on both upgrades - 2-1/2 hours!  Went around in a complete circle and everything is right back to where I started.  Did this improve my security???

Waiting for a callback from management HA HA HA  

@RichardF:

I'm seeing similar things in Outlook for Mac 2011.  In the previous 20 years or so, I have seen these glitches perhaps once or twice a year.  They are currently much more frequent.

- Instead of sending, occasionally the outgoing message has an issue and stays in my "outbox".  I may get a popup asking for my password, but I know that doesn't help based on past experience, so I cancel out of that popup and simply go into my Outlook outbox, open the message, try sending again, and it works fine the second time.

- When I open Outlook it's supposed to automatically download my e-mails, however, sometimes it says something like "waiting for messages" and "sticks" there.  After a while, sometimes the messages download, sometimes not.

- I've also had some older messages that were downloaded months ago turn up again in my Outlook inbox.  For this reason I always keep my Webmail inbox fairly empty to avoid downloading many e-mails that I've already seen.  I do this by filing the messages in Webmail folders that will not download again, or by deleting the message in Webmail (or via that option in Outlook).  I always keep one e-mail in my Webmail inbox to avoid seeing the spam video.

I put these issues down to glitches in the system as they're making these changes.  I have not yet made the recommended changes to passwords as I"m waiting for things to get ironed out first.

My guess is the authentication process is getting hammered.  But just a guess.   Hopefully it stabilises.

how do I update my email account?

So now after all has been done re updating my 8 email passwords for POP3....

All working fine as POPs.

When I tried logging on to webmail, I get a message along the line of "do you want to permit this computer to access this email" or some such.   I said "sure".   I log on with the "original" webmail password and I get in.

A day later, I try that with ANOTHER of my 8 accounts.  I am requested to "add" this account, and I get in BUT....

... when I get in, the 2nd email does not have the "account information" button under the login name.  ONLY ONE of the accounts "authorized" from this computer has that button, while the others DO NOT.

So how am I supposed to change the webmail password, and/or generate new "device passwords", since I cant get in to that part of the account???

---

@leephillips wrote:

how do I update my email account?

---

@leephillips

Note that No changes are required if you only check your email using Rogers Yahoo! Webmail. 

ie. If you are logging into Rogers email through Yahoo or another browser, just use your old password.

Assuming you are using an app like Outlook to get all your various emails, try this site for instructions:

 How-To-Updating-your-Rogers-Yahoo-Email-Settings

Remember it is really two Steps

1. using the Rogersmembercentre to get your 16 character password for each email, then

2. using the setup instructions for whatever email you are using with the generated password. 

This isn't the best approach as others have said on this thread, but what can you do. It's Rogers!

Good luck. 

A couple of questions

- When you put the application password in the Outlook dialog you've shown here, did it work? (Ie did the mail then get sent successfully)?

- Did you also check the "Save password in your password list" box? If you don't then it won't save the password, and you'll have to enter it (or another new application password) the next time. If you do check the box to save the password, though, it should save it and you won't need to enter it in future.

Hope this is helpful.

@jbraver  The last thing I ever expect from Rogers anymore is an acknowledgement of how poorly they may have implemented an change but at least you did finally get a responsible tech who would spend the time to work you through it.  My brother in law spent 5 days working with tech support before they finally got everything resolved.

Keep in mind that their family has many people who can guide them like myself, and their son who supports email systems for small business, doctor's and dentist offices, as well as business equipment and so forth.  He absolutely will not put any of his customers on Yahoo, period.

And I refused to help because number one, each person's issue is somewhat unique, and I am doing being a fill in for Rogers - I do it on the forum, but not for friends and family, and I provide it for the forum by making tech support me until I understand it enough and have tested at length to get it right and then try to communicate it, which I must say has not been the easiest thing to do with all the distracting communication about new protocols, and other things that raise questions, and just interfere with dealing with the steps provided.

I am glad they compensated you for your time and that you used the escalation process - escalation in my mind is also for "waste" of our time due to poor support - it is all part of customer service quality.  In away, that is an unspoken message that they were wrong and accept responsibility, but I wouldn't go looking for them to admit they did it poorly.

As for the issue of feeling like it is dumped on us as customers and it is our problem - I feel that comes from the responses to us - "did you follow the instructions?", try it again and let us know - how about try it again, walk us through it and don't hang up until we have implemented and tested every device and issue, so that they can verify that what they did resolved the issue rather than have us phone back over and over again, or try to dig it out of the forums, the FAQ's and so many different sources.

Glad you got it worked out.

Bruce

---

@SheamusPatt wrote:

A couple of questions

- When you put the application password in the Outlook dialog you've shown here, did it work? (Ie did the mail then get sent successfully)?

- Did you also check the "Save password in your password list" box? If you don't then it won't save the password, and you'll have to enter it (or another new application password) the next time. If you do check the box to save the password, though, it should save it and you won't need to enter it in future.

Hope this is helpful.

---

She said when she clicks ok the email gets sent.  I don't think she checked it off. 

I set it up this way though to remember the app password.  

---

@ti3 wrote:

There's an article on howtogeek.com about these app-specific passwords and how they are a band-aid solution at best and the security risks they pose.  Not a great solution Rogers. 

---

FYI.  When I tried to add a Google gmail account to my Outlook 2016 app, I got this message:

Are you the one who tried signing in?
Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date. You can continue to use this app by allowing access to less secure apps, but this may leave your account vulnerable.

Basically Google wanted me to use the same app password procedure as Rogers or "allow access to less secure apps", by changing my Windows 10 settings which is a strange recommendation.  Facts are difficult to find on this, especially when "howtogeek" says the app password procedure isn't such a great solution.   

Yahoo mail, in their first iteration of making these changes had the same feature of providing the user the opportunity of updating to a new more secure email client, or accepting them as an unsecure app.

Rogers removed the ability to do this through bypassing the standard Yahoo account setup where they had the passkey mode, a 2 step activation and the accept insecure clients. Rogers prevents this by not giving you access to the broader options available to a Yahoo email account.

This practice of accepting insecure practices is actually more common than we think - if we use Chrome which does not permit Flash and some Java versions from running and you have to accept it on a one time only use, because producers of material refuse to drop the insecure models of Java and Flash.

So, yes it is a bandage and companies take different approaches to this ongoing issue of security versus old software.

Rogers has confused things considerable by creating their own interface for setup - rather than using the Yahoo one, which you could use their help docs and forums to guide you, but they have removed the ability to accept an insecure app as Yahoo and GMail have done.

All a compromise.  On current software/apps/device, it is creating a token that is baked into the security of the phone or device and cannot be found or compromised - no one ever sees the passkey.  Rogers took the middle ground of the model and prevented declaration of insecure apps, set in the passkey model, and permit in on only one device only and remembering the passkey.

As I mentioned, one more example of security moving faster than technology and a compromise model is created to allow less secure apps that we are happy with, and may not wish to change (we know it, it costs money to upgrade, etc).  I once had a customer who sat on Office 1997 version well past the support date because she knew it well and didn't want to change, so I created work arounds for her until we could not do it anymore - I recommended an upgrade to current software, she refused, I stopped supporting her.  She was back asking for support and a new computer and software about a year later.

Technology rolls forward as the people who hack it create a new way through as each new upgrade comes.

Bruce

The point that either Im missing or Roger is is that ...

With Outlook currently, for each account I have a different 'user password' that I have the option to require entry at each sign in (ie NOT remembered).   My practice differs between the accounts.   The point is, I have that choice.

Under the new protocol, I'm forced to use the remember / save password feature.   And, as the generated passwords do not fit my methodology for creating passwords for the various categories of application, I have to write it down somewhere in case it needs to be re-entered.  

Are the new passwords more secure than my own?  Possibly, until the password generating web site is hacked anyway.   Materially more secure?   That's an interesting question, as there would now seem to be a sort of herd immunity.   Under the new protocol hacking algorithms have to be set up for up to 16 char random keys which I think reduces the chance of cracking any old-style secure password even if only 8 chars.

---

A couple of comments clarifications, at least based upon thread comments, and research on OAuth(2), the new authentication protocol that is now standard in the whole industry, for connecting services like email to a device or other accounts.

@RichardF wrote:

The point that either Im missing or Roger is is that ...

With Outlook currently, for each account I have a different 'user password' that I have the option to require entry at each sign in (ie NOT remembered).   My practice differs between the accounts.   The point is, I have that choice.

 

Under the new protocol, I'm forced to use the remember / save password feature.   And, as the generated passwords do not fit my methodology for creating passwords for the various categories of application, I have to write it down somewhere in case it needs to be re-entered.  

Yes, you are right in that the new model, which is industry standard now, not a Rogers thing, they had to implement the changes as put forward by Yahoo and the industry has changed things in our thinking and use of authentication, password methods.

 

Yes, you are forced to use the remember/save password feature - no choice in that one.

 

 

 

Are the new passwords more secure than my own?  Possibly, until the password generating web site is hacked anyway.   Materially more secure?   That's an interesting question, as there would now seem to be a sort of herd immunity.   Under the new protocol hacking algorithms have to be set up for up to 16 char random keys which I think reduces the chance of cracking any old-style secure password even if only 8 chars.

 

The confusion that has been created in the presentation of this new protocol, not just Rogers, but Yahoo too, is that the 16 random letters are not a password (per se).

 

It is a work around to provide a method of linking the "insecure outlook and other models" - that is the words of the industry, not mine.  

 

That passkey is one time use only in that on the server authentication side, a secure RSA token key is created to make connection to the Yahoo servers.  Some how on our device side, a key is also created, I won't try to understand that process.

 

The passkey is used once and only once and tied to the features of your device, much like the registration keys are tied to OS and device features for authentication of authentic software.

This passkey, which we put in once and save, can never be used on any other device, and you can revoke it if your device is lost stolen, or damaged.

 

So, the issue is to remember that a password and a passkey are fundamentally not the same thing at all.  It just happens that the passkey which on our new devices is encrypted and unavailable and works through one time authentication processes, in the older software it is placed into the password field and saved in order to facilitate the creation of the encrypted keys linked to your and only your device/software combination.

 

So, I can understand that people are confused, and it is contradictory to everything we have been taught, and these steps exist only due to the legacy nature of the software.  They could have taken a more extreme process - just say these software are insecure and permit no access - this is a temporary measure knowing that all new computers and software have the new model baked in.

 

Hope this helps - change is not fun, but this one, we have no choice on.

 

Bruce

 

I use Seamonkey and Thunderbird for email.  They have OAuth2 available for authentication.  Why is this not used.  I currently am configured for Normal Password and used that 16 character password.

---

@BS wrote:

---

A couple of comments clarifications, at least based upon thread comments, and research on OAuth(2), the new authentication protocol that is now standard in the whole industry, for connecting services like email to a device or other accounts.

@RichardF wrote:

The point that either Im missing or Roger is is that ...

With Outlook currently, for each account I have a different 'user password' that I have the option to require entry at each sign in (ie NOT remembered).   My practice differs between the accounts.   The point is, I have that choice.

 

Under the new protocol, I'm forced to use the remember / save password feature.   And, as the generated passwords do not fit my methodology for creating passwords for the various categories of application, I have to write it down somewhere in case it needs to be re-entered.  

Yes, you are right in that the new model, which is industry standard now, not a Rogers thing, they had to implement the changes as put forward by Yahoo and the industry has changed things in our thinking and use of authentication, password methods.

 

Yes, you are forced to use the remember/save password feature - no choice in that one.

 

 

 

Are the new passwords more secure than my own?  Possibly, until the password generating web site is hacked anyway.   Materially more secure?   That's an interesting question, as there would now seem to be a sort of herd immunity.   Under the new protocol hacking algorithms have to be set up for up to 16 char random keys which I think reduces the chance of cracking any old-style secure password even if only 8 chars.

 

The confusion that has been created in the presentation of this new protocol, not just Rogers, but Yahoo too, is that the 16 random letters are not a password (per se).

 

It is a work around to provide a method of linking the "insecure outlook and other models" - that is the words of the industry, not mine.  

 

That passkey is one time use only in that on the server authentication side, a secure RSA token key is created to make connection to the Yahoo servers.  Some how on our device side, a key is also created, I won't try to understand that process.

 

The passkey is used once and only once and tied to the features of your device, much like the registration keys are tied to OS and device features for authentication of authentic software.

This passkey, which we put in once and save, can never be used on any other device, and you can revoke it if your device is lost stolen, or damaged.

 

So, the issue is to remember that a password and a passkey are fundamentally not the same thing at all.  It just happens that the passkey which on our new devices is encrypted and unavailable and works through one time authentication processes, in the older software it is placed into the password field and saved in order to facilitate the creation of the encrypted keys linked to your and only your device/software combination.

 

So, I can understand that people are confused, and it is contradictory to everything we have been taught, and these steps exist only due to the legacy nature of the software.  They could have taken a more extreme process - just say these software are insecure and permit no access - this is a temporary measure knowing that all new computers and software have the new model baked in.

 

Hope this helps - change is not fun, but this one, we have no choice on.

 

Bruce

 

Which of course begs the question as to why such a major mail client is not "secure".  Or, rather, begs the question of whether this is the best route.  MS obviously has a different view.

It would of course be utter cynicism to suspect any one of trying to freeze out rival mail apps or anything like that?