Secure Mail Key for att.net email address in Outlook

@-B-S-J- 

Don't know where you are looking but further down in the Additional secure mail key notes section look at Get one secure mail key for each email address.  So log into myAT&T using each subaccount's email address and password to create that subaccount's secure mail key.

@ace- Expert
Would a huge corporation actually send an email saying:

Please update or upgrade your email apps IMMEDIATELY. Failure to do so will interrupt your access to your email account. [Click this link]

It's hard to trust such a thing.

My dad is 93 yrs old & every few months he get an "AT&T" email saying more or less the same thing-- he has to update (some feature) immediately or he won't be able to access email... (Just click this link). They look malicious & I tell him to delete them. I assumed they were phishing. He's never had any email problems.

This forum has a few threads on the password change & there are many conflicting replies. I'm still not clear about whether my dad needs to change passwords. I think you said that it's not necessary to change anything unless you have problems accessing your email. But making the change does add an extra layer of security. Is there more to it?

This question is probably dumb: You said the key is an "application password". That idea makes sense, but is it tied to a specific application, or do you mean it just isn't stored in the AT&T system & user acct? When the user accesses email from different devices, they're using different apps (PC, phone, tablet). Does each device app need a different key, or is an "application password" just an extra password beyond the password already in place for particular email acct password?  GAAAAK! Language can be such a complicated way to communicate! 

@telorast 

It's hard to trust such a thing.

Yes, and given the wording and who sent it is why it's caused a lot of confusion.  But as it turns out in this particular case with the secure mail key, it's legit.  Read this.

This question is probably dumb: You said the key is an "application password". That idea makes sense, but is it tied to a specific application, or do you mean it just isn't stored in the AT&T system & user acct?

An application password is tied to a specific class of applications, e.g., email, calanders, etc.  Since att only supports application passwords for email apps (doesn't matter which email apps) they just called their one kind a secure mail key.

or is an "application password" just an extra password

It's not just an extra password.  It adds security to devices, particularly mobile devices.  If someone rips off your device and manages to figure out your account name (email address) and password then they could log into your myAT&T and see your billing info and any other personal info you might have in there and hack your account.  But with a secure mail key even if they can figure it out they can't get into your myAT&T account with that key (it's not your account password) and you can get into your account, change the secure mail key, thus keep them from even using the mail app on that device.

@ace- Expert

Thanks for the explanations. I'll set up my dad's account.

Suggestion for future customer emails:

It would help if the message said something real about the key instead of saying it "will keep your information even more secure", which is equivalent to saying blah, blah blah... If there was a short explanation of what the key is & what it does, people might actually want to use it instead of feeling threatened with loss of email access. The message may not be intended as a threat, but it comes across that way. It would actually make sense if there was an explanation like yours:

It's not just an extra password.  It adds security to devices, particularly mobile devices.  If someone rips off your device and manages to figure out your account name (email address) and password then they could log into your myAT&T and see your billing info and any other personal info you might have in there and hack your account.  But with a secure mail key even if they can figure it out they can't get into your myAT&T account with that key (it's not your account password) and you can get into your account, change the secure mail key, thus keep them from even using the mail app on that device.

@telorast 

Unfortunately I cannot control how att words their support articles.  I agree it would help a if the OAuth/secure mail key doc included some statement sort of like mine as the the reason for having a secure mail key.  Until I understood about their purpose I, like you, just considered it a another fancy password.

I posted about that document shortly after it came out in early 2018.  My complaint back then was the article referring to OAuth, and not explicitly saying it was OAuth1 or OAuth2.  They are incompatible with each other.  These days they almost certainly mean OAuth2 but they have never made that explicit in that article.  Since they haven't in all this time I wouldn't hold my breath for any additional explanations in there on the key.

I have manually configured the email accounts, and they are working fine now.  Thanks for your reply to my message.