-Step Verification on Rogers Yahoo Mail does not work
I'm looking for multifactor verification for my rogers yahoo account. I saw this post here: http://communityforums.rogers.com/t5/Internet/2-Step-Verification-on-Rogers-Yahoo-Mail/m-p/356063#M3...
Unfortunately, even though it says your phone number is verified and authentication is enabled, it actually doesn't work and there is no 2nd authentication. I feel like this is a bigger security issue since it can lull people in a false sense of security since it claims it is enabled. I have logged into my email from multiple computers on different networks without ever being prompted for 2 factor authentication.
Am I correct that the change boils down to this:
YAHOO web mail & 'recent' iOS - nothing to do
Outlook... my current reasonably secure password that I can remember gets replaced by an impossible to remember ultra-long password that I will now have to store on the computer (I NEVER store passwords on the computer!).
And we now need a sep impossible to remember password for each device / account combo?
It doesn't surprise me that it would not be working.
The way things are set up by going to what used to be our account options in Yahoo, is now the new membership page, and there is no way to access 2 step authorization to turn it on or off, so I have to wonder if that link is even going anywhere anymore, or maybe it is put in and then it would have to be turned on.
No one from Rogers yet has been coming forward to say whether two step verfication is still available or not.
And how you would change the phone number on your mobile, it would appear to be impossible as you can't get to it via member account settings anymore.
I am staying away from trying anything until this mess is cleared up.
@RichardF If I am interpreting what has been put out there, you would be correct in what you just described.
Only way to keep your email secure on Outlook now is to put set up a user password for you as a local user.
You will have to remember to log out, or have it go to locked screen saver in a short duration. Your outlook access can be set to be password protected using the user login password for Windows, and setting it to not remember your credentials will require a log in each time you try to access your Outlook email .pst files.
You can also lock a .pst file which is the data files for outlook accounts.
This model is intended for situations where there are multiple users on the same computer and you want to keep your mail secure from the other users, but it also works well for a single user, although I have never required outlook to request my user password, even when I did share it. The password from the email server served that purpose.
So based upon what I have seen so far, I would suggest that you go ahead with the passkey setup, saving it, then put a password on the user account (you will need to log in as that user each time) using either your username and passord for the Windows user account, or on Windows 10, you may be using a PIN to access.
Then turn on the user name password protection to outlook, and that will secure your access to outlook, and you can forget about this whole scenario that Yahoo/Rogers is implementing. And yes, it appears that you will need a separate one for each device, but nothing to do on newer devices if you set it up using the yahoo automated setup process, and not the "other" setup.
Thunderbird isn't specifically on the list of mail clients that need to update. I realize that they can't list all clients, but since I use it I assume lots of others do too [self-deprecation]. Anyone know if this applys to Thunderbird?
Thunderbird and Seamonkey both support OAuth2. It's one of the choices under Authentication Method in the account settings.
I don't understand how a randomly generated password from some app I'm supposed to trust is "updating my email account settings" other than getting me to use a password that I didn't select myself.
Exactly. Also, what happens if I want to use two different Clients on two different devices. Will one of them now not work? It seems Rogers is just pushing everyone to use other e-mail services.
My understanding is that you can use "Add Another" for each client. Then each client will have it's own unique random number password and you copy the generated password to the email client. You use this method only if your email client does not support OAuth.
Can I opt out of this feature? I am happy with the way things are.
I have a cell phone on which I check my e-mail (leaving them on the server) and a desktop that uses Outlook where I download the messages.
How will this now work if I generate a password for the desktop using the Outlook flavor? Will my cellphone still be able to read the e-mail with this new password, even though it is not using Outlook?
Use "Add Another" to create a unique password for each client that doesn't otherwise support OAuth.
And this client is sitting on a pop server setting, not IMAP. Thought they were dropping POP due to security a few months back.
IMAP vs POP has nothing to do with security. They both can use the same password methods and SSL/TLS. The main difference is IMAP supports mulitple clients prperley and POP doesn't.
Thunderbird: I only see that OAauth2 for the SMTP server not for the POP server. Is that right? Or do I have to change to IMAP? I am running the very latest T'bird.