As I type this, it is March 27th and there’s still no resolution to the issues that Rogers has with their email offering. For those of you who are new to this, let me recap the sequence of events that has ben ongoing for almost the last month:
It started as a general outage, but what has dragged on for weeks is an issue with email. Anyone who uses Rogers email service (in other words they have a @Rogers.com address) cannot get their email. This is in part due to the fact that Rogers requires users to create App Specific Passwords via Rogers Member Center on each program or device that an email address is used on. The creation of new app specific passwords doesn’t work and existing app specific passwords appear to have been deleted in many cases. That pretty much breaks your applications that rely on them. There is a workaround, but that workaround is sub-optimal because viewing mail through a web browser is not the best experience. Especially on a smart phone. And they’re the fact that you might have to call Rogers to get someone to reset your email password if you don’t know what it is. The problem with that is that since this fiasco began, Rogers wait times to speak to someone have gone through the roof. Making that a sub-optimal experience as well for Rogers customers.
Now I’ve been asking my sources inside Rogers about this whole fiasco, and they’ve told me on background that this is entirely a Rogers issue that they have yet to figure out. Specifically with the underpinnings of their App Specific Password system which is bolted onto their email service which is provided by Yahoo. I’ll have more on Yahoo in a moment. But you’re likely wondering why Rogers uses App Specific Passwords in their email offering. Here’s the answer: Security.
If a threat actor manages to get your password, and that same password is used on all the mail clients that you use, the threat actor in theory has access to your email on any device. That would be the case with the majority of email systems out there. But by using App Specific Passwords, where every email client and/or device has a unique password, any sort of pwnage that a threat actor does is limited to the one device or application. At least in theory.
Sidebar: One of the ways that you can best protect yourself online is to use completely different password for each and every service that you use as that follows the logic that Rogers is using here.
My problem with this App Specific Password scheme by Rogers is that it adds a layer of complexity that most users have problems dealing with as going to the Rogers Members Center and generating a password to use with your email client and/or of choice is easy for someone like me, but complex for many of Rogers customers. And I have to admit, I do make a fair amount of money from this because I often get phone calls for help when a customer gets a new laptop or smartphone, and they want to get their email on it. In short,Rogers implementation of App Specific Passwords isn’t something that some Rogers customers can easily understand. If Rogers wanted to improve the security of their email service, my suggestion would be to enforce the use of complex passwords. For example, “password” is less secure than “P@$$w0rd” because the latter has special characters, a number and a capitalized letter that make the password harder for a threat actor to brute force or guess. I also assume that this would be easier for Rogers to implement, less likely to run into the issues that we’ve been seeing for the last month, and most importantly it would be secure.
Now if that’s not bad enough, there’s also the fact that the underpinnings of Rogers mail service is Yahoo. A company who doesn’t exactly have the best track record when it comes to privacy and security. And I suspect the latter is the reason why Rogers decided to bolt on App Specific Passwords to what Yahoo offers. In terms of the former, Rogers themselves got caught up a change to Yahoo’s terms of service back in 2018 where Yahoo had tried to give themselves the right to do whatever they wanted with your email. While Yahoo did eventually walk that back for Canadians, it didn’t end well for Rogers as it left a bad taste in the mouths of a lot of their customers.
Now I am continuing to monitor this as I now have over three dozen clients who are affected by this… And counting. And I am continuing to publish updates on this because somebody needs to bring this issue and Rogers continued silence on this problem to light. Plus since you can’t forward your email to another provider, or export it entirely so that you have a local copy of it, Rogers email users are stuck with Rogers until they figure out how to fix this. Though I will admit to working on a way to export Rogers email so that my clients who want to dump Rogers for another ISP, but want a copy of their email have an option to accomplish that. If I get something that is workable on Mac and PC, I will publish it here. In the meantime, for the sake of Rogers customers, I hope that one of Canada’s largest telcos gets its act together and figures this out. Because as I type this, Rogers has handled this whole situation quite poorly. Which frankly isn’t a surprise given their recent track record with how they handle major outages.
The Canadian Government Put Strings On The Rogers/Shaw Merger….. Not That It Makes A Difference….
Posted in Commentary with tags Rogers, Shaw, Videotron on April 1, 2023 by itnerdYesterday the Rogers/Shaw merger got approved by the Canadian government. That means less competition and higher prices for Canadians. But if you believe the Canadian government (Spoiler alert: I don’t) there are guardrails in place to make sure that this is a good deal for Canadians. Here’s the TL:DR for your perusal:
“As part of these agreements and conditions, Videotron:
“Separately, Rogers will also be subject to strict and legally binding commitments requiring them to make major investments to improve connectivity within the next 5 years, including:
“These agreements are subject to significant financial damages for non-compliance: up to $200 million in the case of Videotron and up to $1 billion in the case of Rogers. These agreements will be released publicly and are subject to annual reporting requirements.
“Should the parties fail to live up to any of their commitments, our government will use every means in our power to enforce the terms on behalf of Canadians.
Now that all sounds good and the potential fines sound big. Not to mention the potential fines are meant to encourage Videotron and Rogers to do everything on this list. But call me a skeptic, I really don’t see any of this bringing about more competition and lower prices. The problem with the Canadian telco space is that it’s an oligopoly. And this deal does nothing to address that. Until the folks in Ottawa figure out that there has to be a big foreign player that is allowed to enter the Canadian market, Canadians will continue to pay among the highest prices for their telco services.
1 Comment »