You must update your Rogers email account settings

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I Plan to Stick Around
Posts: 97

Re: You must update your Rogers email account settings

First off, I have NOT received an e-mail regarding the update and imagine that I'm not alone.

 

I don't mind implementing new security measures but these instructions leave a lot to be desired,

 

So we have 5 computers, 4 email addresses, 4 different email clients. Is it one unique app password for each email client or one unique app password for each email address on each email client on each computer?

 

Am I changing 80 passwords or am I moving to a different email service.

 

Think someone from Rogers should clarify this to all Rogers clients, not every one reads this forum.

Highlighted
I Plan to Stick Around
Posts: 156

Re: You must update your Rogers email account settings

(Long reply, sorry, but there's a lot to say)

 

In summary, this seems to be quite a major change that is being foisted on us, without warning.  Considerable extra inconvenience for quite possibly less security than at present.  I have seen web discussions that suggest OAth has security vulnerabilities.

The web page that Rogers has put up is both confusing and ambiguous / incomplete, and I consider myself to have pretty good comfort level with technology.

 

In fairness. It seems Yahoo DOES have a problem of some sort.  My bank recently refused to email  a confirmation code for an unusually large transaction as I have a Yahoo mail account.  (It seems other types of email would have been fine, in my case I just switched to SMS, which doesn't strike me as overly secure either but thats what they seemed to like),

 

However, I'm not sure this is the solution.  I am QUITE sure this web page does not make the case, or make it clear who has to do what.

 

And not cut off dates are given.

 

....

 

I'll cover the detail in the same sequence as Rogers' web page 

 

Intro

They do not say exactly what is wrong with current username / password protocol?  If that's good enough for banking (regular transactions), it's good enough for email, surely?
Skipping ahead, this smells like a plot to discourage use of clients like Outlook.
I'm also concerned about impaired security, given the use of OAuth.  Here's one post but I have seen others n similar vein

https://en.m.wikipedia.org/wiki/OAuth

 

"Who doesn’t need to update their settings?"

How do I know if I used automatic Yahoo mail set up? (On iOS in my case). This was set up years ago and have absolutely no idea.

 

Who needs to update their settings?

Suggests I need to update as I use Outlook. Ok.

Not clear about use of POP or IMAP.  

I have IMAP accounts, and use Outlook, iOS, and web (Firefox) clients.

What about IMAP account accessed through web client?

So I'm going to have different passwords for the same email account on different clients? This is terrible.  I suppose I can switch the web client password to match the app password but that will be highly cumbersome.

[While I do have separate passwords each critical app or financial account, and then for various different categories of application or web sites, I do not see the need for this.  Especially as these "app passwords" are not under my control an so will not fit my password scheme]

 

What’s an “App Password” and why do I need it?

Random passwords are hard to remember. So now I have to write it down? That breaks rule 1.
And if I should want to change the password (which I would do periodically or if there is evidence of compromise of the providers' servers), can I do that?

 

How do I update my settings to use the App Password? [Outlook]

What I don't want to have my password remembered?

 

.....

 

Wrapping up.. this has come out of blue (to me anyway) with no introduction, discussion etc.   Unfortunately I'm somewhat captive as I have little appetite for changing email provider.  But surely we deserve a better roll-out than this.

 

 

 

 

 

 

 

 

 

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

And to make things even more odd - I once had thunderbird set up on my laptop, so out of curiousity, I reinstalled it.

 

Pulled the email back from Yahoo with no issues and sent a new one with no issue.

 

And this client is sitting on a pop server setting, not IMAP.  Thought they were dropping POP due to security a few months back.

 

I was somewhat surprised, but not - nothing about the security problems related to Yahoo have been managed well by them, or by Rogers.  Go figure.

 

I will start with some positives - the access to Rogers Yahoo email layout is actually user friendly after how many years?  Good step.

 

Took a look at the creating a user password, which I didn't need for access to my thunderbird set-up - maybe it will only come into play on new registering of apps.

 

I saw that it creates a random set of letters 16 characters long - they tell you to put it into your application.

 

Obviously, this will not be possible to remember for any normal person - 7 characters is the max for most normal people - that is the reason for phone numbers that length, and drivers licenses, and breaking them up into 3 and 4 character fields.

 

So, we will end up putting them into our email clients, which them does not require the use of entry of the password on each entry, thereby bypassing any security if your computer is open.

 

This method is ludicrous and a real mediocre attempt at building higher level security.  The reality of human beings is that we will bypass it, and if we are hacked, then it will be our responsibility.

 

Even 2 stage authentatication is better than this insane method.  But, there are instructions on how to bypass all this sillyness - you can use two stage authentatication, or you can just go back to a regular password method.

 

https://help.yahoo.com/kb/SLN25921.html

 

Good luck and let us know everyone what you learn about working with this new method and what works best for you.

 

Bruce

Highlighted
I'm a Senior Advisor
Posts: 2,154

Re: You must update your Rogers email account settings

The more I read through this, and try things out myself, the more I see yet another poor implementation of application and server interfaces.  Add it to the legacy of voicemail access for home phone - security certificates and protocols last year, One number incompatability with new protocols, poor implementation of My Rogers, removing important features, poor layout originally on multiple browsers, and Navigatr, and its related Anyplace TV apps, etc.

 

I have come to the conclusion that Rogers is not able to implement anything without making it difficult, unworkable, poorly supported, or foisting it on us without adequate support in place and adequate testing.

 

So keep us up to date - Unlike the major competitor who has been with Microsoft email from day one, although there has been the occassional struggle as they changed Windows clients, but that was no different for any email server - Microsoft provided services whether it be email, or IPTV has proven to far exceed anything Rogers has tried to do.

 

Just my opinion.

 

Now let's hope they get the support in place so that people can seemlessly, and by the way, switchovers should be designed to be pretty much seemless.  It is not our fault if Yahoo and Rogers have made no changes to their email server models and interface with applications in over a decade at least, other than implementing IMAP.

 

It is not wonder they got hacked.

 

Add this to the list of things why I am not staying with Rogers - I used to always say that inspite of their strange pricing policies, inconsistent customer support, and frequent billing and set errors that took months to correct at times, at least the technology was stable and predictable.  I don't tell people that anymore, I say shop around and find the product design that you are most comofortable with, quality, online support, and callin support, and thought into how to support us through these changes.

 

Bruce

Highlighted
I Plan to Stick Around
Posts: 97

Re: You must update your Rogers email account settings

Still haven't received any info, email or otherwise about this change.

 

Why can't I find info about this elsewhere?

 

I just did a search and the only place this story shows up is in this forum and one post eleswhere by the OP.

 

Surely if Yahoo & Rogers are serious about improving security they would be making a better effort to COMMUNICATE with their clients.

Highlighted
I Plan to Stick Around
Posts: 156

Re: You must update your Rogers email account settings

Wondering if this mess originates with Yahoo or Rogers. Any one have experience with non Rogers Yahoo accounts?
I'm still gob smacked at how the average user will cope with this.
I wonder what sort of responses / feedback their call centers are getting.

At least one of my accounts is heavily dependant on Outlook.
Highlighted
I Plan to Stick Around
Posts: 156

Re: You must update your Rogers email account settings

Another thing that bothers me is 2 step authentication.   I often dont have my phone on me (its large so tends to sit on a table somewhere not in my pocket) so Im not sure what happens in that case.

 

Could someone please summarise what are the issues with username / password, assuming that the passwords are being well managed?

If the problem is people who do not have well managed passwords, maybe there are better ways to encourage better password management?

Highlighted
Resident Expert
Resident Expert
Posts: 14,246

Re: You must update your Rogers email account settings


@RichardF wrote:

Another thing that bothers me is 2 step authentication.   I often dont have my phone on me (its large so tends to sit on a table somewhere not in my pocket) so Im not sure what happens in that case.

 

Could someone please summarise what are the issues with username / password, assuming that the passwords are being well managed?

If the problem is people who do not have well managed passwords, maybe there are better ways to encourage better password management?


 

A good, strong, password is important.  Is the first step.

But a lot can depend on the other side.
If the side that the password is being entered into, doesnt have the right failsafes put in place to help stop other methods.
If a site doesnt have something as simple as not allowing X many attempts in a row or X many in a period of time..  A brute force password cracker may still get though some eventually over time.

Another big and most major thing, is KEYLOGERS.
Virus's are very oldschool now.. the bigger things are MALWARE and similar things.  These include keylogers.  Sometimes as simple as visiting a bad site, installs the keyloger in the background of your PC, which monitors key input.

Entering your username & password one time.. can be enough for them to now have it.

Using two factor authentication takes something out of their hands.
Sure they could keylog the code when you enter it at whatever time.. but that code is only good for usually 60-120 seconds.  They would have to receive the code and use imediately within that timeframe to actually use it.



Highlighted
I Plan to Stick Around
Posts: 86

Re: You must update your Rogers email account settings

I just took a look at the settings of Gmail.   Looks as if I can set up to export all Rogers mail to Gmail and then see it on my various devices  ( 3 PCs, Iphone,Ipad) as I wish. 

 

The whole things looks like a real pain.

Highlighted
Resident Expert
Resident Expert
Posts: 3,621

Re: You must update your Rogers email account settings


@BroSat wrote:

1. How is this not spam/phishing? The email I received today came from: rogers@email.rogers.com

 

2. The link in the email is: http://email.rogers.com/a/hBZEjvmB7RUsMB9bf2BCW5Iod8z/emailen

Looks illegitimate to me!!!


1. I get legitimate e-mails from this address at Rogers all the time regarding changes to my account - like changes to cable packages, cellphone offers, etc.

 

2. The link is different for everyone, however, it takes you to the following legitimate Rogers Support Page:

 

http://www.rogers.com/web/support/internet/email/442

 

The other links in the e-mail regarding MyRogers, Support and Community Forums are also legit. 

 

When you click on one of the (blue) links (like Member Centre or Webmail) in the support page with all the instructions, it takes you to an https (secure) connection.

 

3. My wife got her notice this morning and some other people have reported receiving similar notices. It looks like this is being rolled out slowly.  I haven't bothered to make the recommended changes yet to see where this thread goes first.  If you haven't received the e-mail and may be affected, you may wish to check your spam folder on your e-mail client or the spam folder in webmail in case it's there.

 

The support page explains who will be affected and not everyone is.