You must update your Rogers email account settings

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I Plan to Stick Around
Posts: 156

Re: You must update your Rogers email account settings

A separate question.. I assume that this process would also apply on a Blackberry?  My wife will need access to her Rogers email on her phone.  

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

Doing a bit of research, Microsoft integrated Oauth support into Outlook beginning with 2013, it is just that the process was a manual process as we see in the Yahoo Rogers model - when you consider setting an email connection say for Gmail, or Outlook.com on a phone now, using the defined yahoo, gmail, or outlook autoselection, it sets up the connection and setup of a secure device application related secure connection to the server by usually sending an SMS to a phone, or an alternative email, and you just confirm that you have set up the new email client.

 

Outlook and other apps that currently have OAuth did not have this ability to link back to the server and do the dual autorization with the confirmation to your other email or phone number by text, so the model became what Yahoo is currently doing.

 

Gmail and Yahoo and Outlook.com (hotmail) were using similiar models, such as a captua entry, or you could do 2 step authoriziation, or you could set using an unsecure app setting (which still exists in the full yahoo security settings, but Rogers is not giving access to those options, forcing directly to the creation of the individual passkeys per device/client.

 

I have taken a lot of time to review how we got to here with the Auth model - it has been backed into our phones for almost 4 years now - you could bypass it by setting up your email using the other, and POP server/IMAP server, SMTP server and appropriate SSL settings if needed.  But up until now Yahoo gave you the option to opt out totally (and still does, but I wouldn't be surprised if they removed the option in the future).

 

All major email companies were allowing for opting out by declaring your older clients as "unsecure apps", bypassing Oauth completely.  

 

Basically they made it easy for the older client users to bypass, but never told us that we were compromising our own security.  Now Yahoo has forced us in this direction, subsequently Rogers with them, and this whole business a workaround to allow those apps to use the OAuth protocols that were added since 2013, and now OAuth2 in 2016 onwards - 2013 does not support Oauth2, only Office 365 and 2016 onwards supports it, again the reason for the workarounds.

 

It is a pure workaround, to get a slightly higher level of security, but definitely an awkward workaound.

 

As for writing down the password, there is absolutely no reason to do so.  Once it is saved, you don't touch it again, unless you want to change it (good idea once in a while and yahoo actually in their system does force it at random times)  You have one created passkey per device/client(on each device) so in your case, yes quite a few, but if you can create it from the member page, copy and paste into each client, or if on a computer say, copy and past it to an email and then copy and paste it, then for security purposes, delete it.

 

So whether we like it or not, whether their seems to be better models, this is not a model that was created by Microsoft.  After lots of research it is a movement to requiring the highest security standard for all email services and clients, with a short term compromise for older clients where we had to use passwords, and the creation of the password in the member centre creates a one time passkey to enter in the password field, once you log in the first time, that client/device combination (each client on the device).  which associates that client device combination with the server and then does not let you use that passkey again for any other device.

 

If you lose the password somehow in your configuration, then you just go back, delete it in the member centre, and create a new one.

 

This is an industry wide change that most of us were unaware of, I spoke with a friend who supports on an international scale Outlook with connection to Exchange mail servers, and he said, the Oath (first one) was implemented in 2013, and companies could choose to not use it as it was off by default on the servers and Outlook clients, but they always enforced it, then by 2016, it became required by Exchange/Outlook 2016 clients, and we have seen it on our phones for a while in the comfirming the email setup through text or email.  We just didn't know anything about this change the most of us (I have worked in the industry for years, but now retired from it for almost 10 years, and have followed most things, but did not know about this one at all, but did recognize that something was happening, and didn't know about the outlook and other email client issue becauase I haven't used that model in 5 years now, so never knew it was happening.  No reason to know.

 

I have yet to figure out a short way to say all this - it is definitely complex, and I am just understanding it now after a lot of calls to my past buddies and research on my own.

 

 

But to close allow me to responde to this quote from @RichardF

 

"Am am I right that the ideal model would be a password to authenticate the client / device to the server, and then one user controlled password per account (common to all clients)?

so 4 system generated hidden passwords, and 4 user defined passwords in my case.   Not 16 generated passwords that in effect are my user passwords. "

 

What ever we may personally feel may be the ideal model, this is what the industry internationally came up with as a standard, and now email servers and companies are now beginning to enforce it rather than allowing for Oauth or 2 (as a user it appeared the same), a 2 step authorization, or just setting to allow use of less secure apps.

 

So we have no choice but to learn to use it and become comfortable, and decide whether we want implemented user control on the app level or OS level to keep prying eyes out when we step away.

 

In your case, your 16 individual passkeys (note I did not say passwords), are not just simple passwords, they are directly associated via security tokens with the passkey generation server, your email server and your email client - it just happens to work like your password did.  that is the way it works, so what more can I say, accept that we have to learn to use it, the current steps are very clear and specific and if unsure, call tech support.

 

And yes, if it is the Yahoo security model laying under the member centre, you will have to have one passkey, being put in and saved in your password under your email user name, for each client/device combination.

 

You don't need to write it down and save it, as you will not be using it again, and even if you did, and someone tried to use it on another device, it would not work (once Rogers turns it all on).  I know from testing a yahoo account, that it has to be different, and once you use that first email and passkey, if you then try to open the next one with the same passkey, it will tell you you used a one time passkey, and to go to the settings and create a new one.  For that you have to know your original password you have always remembered, and changed occassionally and made strong for security.

 

Sometimes in technology, we just have to grin and bare it.

 

I will now leave it to the techs to support people who need clarification on how to set it up, and I suspect that most techs may not either know why it is this way, or don't have time to actually explain the technical parameters and the history of first its weakness and changes 3 times to its current form, and that some older apps may just plain not be compatable.  It is like trying to run a MS XP - there is no security updates anymore, so it won't work with many things, or you really shouldn't do it.

 

Best of luck everyone, it is not far away.

 

Isn't change fun - not always, sometimes it can just be a pain, but some people need to put multiple locks on doors, alarms, security cameras, security patrols, depending upon the level of security you need.  Our personal information requires the highest levels of security that companies provide, and companies have, for our ease far too often let us opt out of the best practices.  It is long over due to force us to take responsibility for security, because it is not just our security, but everyone's - obviously Yahoo got caught in a major situation with the major hacks and this is one of the steps they are taking.

 

Bruce

 

 

Highlighted
I Plan to Stick Around
Posts: 86

Re: You must update your Rogers email account settings

This morning I started my PC, ran up email (Gmail and Rogers getting a normal  message on each) and then, using Chrome as usual went to my first bookmark as I always do, the Canadian Governments weather site.    Rogers superimposed a message on top of that site to tell me I needed to change my password etc. to go to the new scheme. One would have hoped that they would already know than and not need to send a message superimposed like that. 

Highlighted
I Plan to Stick Around
Posts: 287

Re: You must update your Rogers email account settings

I still have not seen or heard anything from  Rogers about this.  I guess these changes don't apply to me.  Smiley Wink

Highlighted
I Plan to Stick Around
Posts: 24

Re: You must update your Rogers email account settings

I assume that somewhere in these 15 pages, some answers have been found ...

After receiving these incessant emails all month, and twice wasting a lot of time trying to figure out wt* I was supposed to do
at the page to which I was sent, I gave up and called Rogers.

Me: To start, I am using a desktop computer and Thunderbird for email.
Rep: DO YOU HAVE A CELL PHONE?
Me: No.
Rep: THEN THIS DOESN'T APPLY TO YOU.

 

I don't use a cell phone, I don't know what an app is, and I'm now mad as *.

NOTHING in the incessant emails says THIS APPLIES ONLY IF YOU USE A CELL PHONE.

The rep, who obviously gets a lot of calls about this, said she had sent notes to whoever is responsible for this. I said please send them again and give my name. She said do you want them to call you? I said yes. She said maybe they will call me, may be they will fix the emails.

 

Yeah, right. This is Rogers.

The emails will continue until June 5.

 

And whoever is editing my post: please stop. I have an opinion of Rogers and I plan to state it.

Highlighted
Resident Expert
Resident Expert
Posts: 3,355

Re: You must update your Rogers email account settings


@bushwah wrote:


Me: To start, I am using a desktop computer and Thunderbird for email.
Rep: DO YOU HAVE A CELL PHONE?
Me: No.
Rep: THEN THIS DOESN'T APPLY TO YOU.

 

I don't use a cell phone...


This is totally counter to what has been discussed in this thread and the link in post 1.  I suggest that the CSR, to whom you spoke, is mistaken.



Highlighted
I Plan to Stick Around
Posts: 24

Re: You must update your Rogers email account settings

quote: This is totally counter to what has been discussed in this thread and the link in post 1.  I suggest that the CSR you spoke to is mistaken.

 

Well, I called the dedicated number in the email, 1-866-515-3047, and spoke to someone who deals only with this subject, from what I could tell.

 

I guess I could plough through 15 pages of this, with all the posts about things I neither know nor care about (cell phones and apps) and from people like me who haven't read all 15 pages, and try to find what has been said that actually relates to people using desktops only. But I'll probably wait until June 5 and see whether my email access dies, and then call Rogers and scream at somebody until they fix it.

 

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

@bushwah  @57  Is correct, what you were told is not what the statements in the original post are.

 

http://www.rogers.com/web/support/internet/email/442

 

Who doesn’t need to update their settings?

No changes are required if you only check your email using Rogers Yahoo! Webmail. You can still use your username and personal password to log in as you normally do.

Customers who used the automatic Yahoo! setup option on the following mail clients are also good to go:

  • Mail on iPhones and iPads running iOS 9.0 and above
  • Mail on macOS 10.11/El Capitan and above
  • Users of the Gmail client on Android phones and tablets running Lollipop/5.0 or newer
  • Users of the Outlook Mobile app
  • Users of the Yahoo! Mail app

Who needs to update their settings?

Customers with Rogers Yahoo! email addresses who use an email client like Microsoft Outlook, Windows Live Mail, or Outlook Express, versions of macOS Mail older than macOS 10.11/ El Capitan, or others that get email using either POP or IMAP.

Customers using cell phones and tablets may also need to change their settings if they’re using older devices or have manually set up their device for POP or IMAP using the “Other” option instead of the Yahoo! option.

 

Note that they do not support clients other than the ones listed in the original post at the url above.

 

So, you are on a desktop on Thunderbird - yes you do have to do it - you can wait and yell,

 

But to aid you here are the directions..

 

I am using Windows 10 and most recent version of Thunderbird.

 

My instructions are based upon you will also have your account setup with the password - here are the changes you will do.

 

After following the instructions to create the App Password in the member centre:

 

You will have created a 16 digit random set of lower case letters - push the copy button.

 

 

Now to be honest, Thunderbird does not make it simple to understand how to change the saved password

 

At the top left in the Windows version (can't speak to other OS), see the 3 bar hamburger beside the search bar - Click the hamburger

- Choose options

- Choose security

- Choose passwords tab

- Click saved passwords

(note if you have a master password set - always a good idea so people can't access your passwords - enter it

- you need to click show passwords

- you will see a list of all accounts and passwords in your thunderbird

 

-  you need to click show passwords

- then in the menu from left click the selected account

- you will now see your password highlighted

- paste the app password from the member page into the password box

- Enter and back out

 

Then test to see if you can access the email - should be fine now.

 

Told you that it is not the most user friendly layout to do this.

 

Here is the best link I can find - depending upon your version, it may be the hamburger button, or the tools as it says in the reference

 

http://kb.mozillazine.org/Setting_and_changing_email_passwords

 

Best of luck on that one.  And yes, it was the number of the group dedicated to this issue, but sounds like you got someone who didn't fully understand what you asked.

 

Answer should probably gone like this.

 

Me: To start, I am using a desktop computer and Thunderbird for email.

Rep: we do not actually support any other clients other than the ones in the support document at ....

(if they do happen to know Thunderbird, they may help you, but more likely)

You will have to go to the documentation or support for your email client with Mozilla thunderbird.

 

Those instructions will guide you how to put in the App Password in the Password section of your software, and you will paste it as in the instructions for our supported apps.

 

You:  grumble, grumble - go to forums - one of us guide you through it.

 

Rep:  Now, do you have any of the support clients?

You: No

Rep: do you access your email on any cell phones

You: no

Rep:  Do you have any other questions I can help you with today.

You: thank you, grumble, grumble, off to forums you go.  Hopefully they may suggest you check the forums.

 

Unfortunately it is 15 pages long because there has been questions about the rationalle and answers, testing results on various clients, more people asking more questions, more answers, and so on - and as with a lot of threads, you and we get lost in the mud - It is unfortunate that the forum application does not have sub threads like many support sites have so you can look for the one most relevant to you.

 

Good luck - if stuck, try contacting me via PM and I may be able to walk you through it - I am not good at creating visual versions, or I would have done that.

 

This has been confusing for all from day one.  You are not alone.

 

Bruce

 

 

 

Highlighted
I Plan to Stick Around
Posts: 24

Re: You must update your Rogers email account settings

If my previous post had remained in the thread, we would have been able to see (as I actually said in the first place) that I diligently went to the link given in the email and read all of the incomprehensible nonsense there.

 

What I was told on the phone is what Rogers told me. If it's different from what's in the original post here, that's the way the cookie crumbles, I guess. It will be Rogers' cookie if and when everything goes south, and it will be Rogers' job to fix it, if Rogers gave me incorrect information. I didn't come here looking for support or advice or directions, actually. I came here to report what Rogers told me.

 

"After following the instructions to create the App Password in the member centre:"

 

I could not find instructions for creating an App password in the member centre.

 

I could not find ANYTHING in that unintelligible mass of verbiage.

 

I did end up somewhere where I attempted to change a password in response to prompts. It kept ignoring me.

 

I don't care whether Rogers does or does not "support" my "client". Rogers is apparently going to interfere with my access to my email, and Rogers can fix that.

 

I'm sorry to sound obstreperous and I understand you were trying to help. I will probaby try to decipher what you have said at some point. I'm not going to spend a lot of my actually quite valuable time, in pure money terms, doing it. I am a professional in my own field, not a computer programmer, and I really have no desire to understand or deal with any of this. I can only imagine my mother, whose 87th birthday is today and who has Rogers, trying to deal with this, if I hadn't got smart when we gave her a laptop for her 80th and taught her how to use it, and set her up with Gmail only in the first place. Frankly, I may just abandon Rogers for email altogether myself, as I now rely largely on Gmail anyway (with mail forwarded to my Rogers account) because of Rogers' huge unreliabilility in my area.

 

Thank you again, and I will consider your advice. I won't do what the Rogers rep did, and wish you a blessed day. If I could see a barf emoticon, I'd add it. 😉

 

Highlighted
I Plan to Stick Around
Posts: 8

Re: You must update your Rogers email account settings

So, here's the lay of the land for myself. I obtained a thing called an App Password by going through the Rogers process. I've stored that string of alphanumeric characters. And Rogers knows I have done so.

If I use my web browser (Chrome) to access the Rogers / Yahoo web mail page I don't need an App Password. Check. So no need for me to do anything on that front.

I use Thunderbird (latest version 51) as my email client on this computer. Thunderbird does not provide a mechanism for me to tell it what password to use. Period.

If and when Thunderbird fails to connect / authenticate with the Rogers / Yahoo server, due to rejected password for my account, Thunderbird will prompt me for a valid password. Then, and only then, will Thunderbird store that password for future use.

I can only sit and wait for the day that Thunderbird tells me the Rogers / Yahoo email server rejected my old password and asks me for the new Password (or App Password)  I'll give it the new string of alphanumeric characters and hope for the best.