Announcements
You Could WIN A Year Of Wireless Service – Learn More!

Mentor

 • 

26 Messages

Fri, Sep 20, 2019 2:08 PM

Can't create secure email key for subaccounts

In the last few days, I've received urgent notices from AT&T/Yahoo demanding that I (immediately!) create secure email keys for all my AT&T/Yahoo email accounts.  More specifically, AT&T's documentation appears to say that access from Android Gmail is fine because Android Gmail uses OAuth; but access from Microsoft Office 365 Personal will soon be cut off unless I switch to a secure email key for each email account.

 

I have a primary AT&T/Yahoo email account, but also about 5 subaccounts.  With great difficulty I found the place on AT&T's web site (myATT) to create a secure email key, but it is hard-coded to apply only to the primary account.  There is no way to switch the Create Secure Email Key page to refer to a subaccount.  A support doc says to use a drop-down box at the top of the page, but there is no such drop-down box.

 

The situation is exacerbated by:

- AT&T's (deceitful) claim that this is a "reminder," even though I never received any such notice prior to the ones this week.

- AT&T's omission of a specific deadline.  Must I do this within a week?  A month?  Three months?

Responses

Accepted Solution

Official Solution

_xyzzy_

ACE - Expert

 • 

15K Messages

4 months ago

The Use OAuth or secure mail key for email apps article has been around since early 2018.  Up till now using OAuth or the secure mail key has always been optional.  Maybe they are planning for it to be a requirement and hence the warning email.   Once you create the keys for you primary and subaccounts it should only take a few minutes to change the password setting in each of your email client apps.

 

To create secure mail keys for subaccounts you have to log into myAT&T for each of those accounts individually.

___________________________________________________

This is a public forum and I am a customer just like you. Click "Like" if you feel this post is helpful and "Accept as Solution" if it solves your problem.

Award for Community Excellence 2019 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Mentor

 • 

26 Messages

4 months ago

Yes, I figured out that I had to log into myATT for each subaccount separately.

 

By the way, another email--which looked almost as authentic as AT&T's brief and shocking notice--claimed that AT&T was retiring old email domains (ameritech.net,sbcglobal.net, etc.).  The email told me to "click here and log in to learn what your new email domain will be."  I actually clicked on the link, but it went to a forms.office.com URL.  I then realized that it was bogus.

 

For those who don't know, forms.office.com is a tool and web site (thoughtfully provided by Microsoft!) for scammers to create fake login forms.

_xyzzy_

ACE - Expert

 • 

15K Messages

4 months ago

By the way, another email--which looked almost as authentic as AT&T's brief and shocking notice--claimed that AT&T was retiring old email domains (ameritech.net,sbcglobal.net, etc.).  The email told me to "click here and log in to learn what your new email domain will be."  I actually clicked on the link, but it went to a forms.office.com URL.  I then realized that it was bogus.

Yes others have reported that or similar phishing emails.  But that one is obviously phishing since (a) att would never retire all those domains and screw the email addresses of all those users and (b) the link (for those that posted the actual email here) is obviously not an att link.  Note, FYI, you should always be able to see what a link is actually pointing to (in web browsers and most email clients) by mousing over it (but not clicking it).  Somewhere in the app display (status bar, URL/location bar, popup, whatever) you should see the link that would be used if you clicked that displayed link.

 

If you apply this technique to this latest email about the secure key you will see a very long link containing a long character string which looks random but is actually an ASCII encoding for something that ends up going to the att OAuth article.  Usually seeing long hash strings like that in links is a warning that something is not what it seems.  Until this email's status is cleared up by the powers that be I'm recommending not clicking that link since it's not clear what else might happen by doing that.  But the end OAuth document is att's and legit.

___________________________________________________

This is a public forum and I am a customer just like you. Click "Like" if you feel this post is helpful and "Accept as Solution" if it solves your problem.

Award for Community Excellence 2019 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.