News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • AOL Account Security is Out of Date

    Posted on Kathy Stevens Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories AOL Account Security is Out of Date

    Viewing 22 reply threads
    • Author
      Posts
      • #2302325 Reply
        Kathy Stevens
        AskWoody Plus

        We have a legacy Aol email account that continues to receive occasional emails from old contacts so we want to be able to continue monitoring it.

        We have recently started to receive emails from “Aol” saying that our account security is out of date and we need to update it.

        We are concerned about the possibility of a phishing attack.

        Is anyone else receiving the notice from Aol?

        See below

        “Hi AOL Member,

        Us again. Just a reminder that your AOL Mail account needs your attention before 20 October 2020. Security is incredibly important to us, and in order to keep your account safe we’re requiring an updated secure sign-in when accessing your account from unofficial or non-Yahoo apps.

        There are a few ways to keep your inbox running without interruption:

        Option 1: We recommend that you access your email using our free AOL app for iOS and Android or simply go to mail.aol.com to access AOL Mail on the web.

        Option 2: Keep your current, non-AOL app, BUT follow a few steps to get it to sync with our secure sign-in method. The steps vary across different email applications, but in most cases, you will have to remove your AOL account from the app and then add it back again to update the sign-in security. Use the links below to follow the specific steps for your current application:

        • iOS Mail
        • Gmail
        • Samsung Mail
        • Others

        Option 3: You can generate a one-time, unique password that will allow you to sign in to your account using your non-AOL email application. Once created, this password will continue to allow your app to securely sync your AOL email unless you sign out (or are signed out) from your app. You can find instructions on how to do this here.

        Want more details? Please visit our help page. If you’ve already taken action, you can skip the above and go back to doing what you love in your inbox.

        Thanks again for being an AOL Mail fan!”

      • #2302335 Reply
        Alex5723
        AskWoody Plus

        It doesn’t seem to be phishing as there are no links or requests for data/log-in…

        Take AOL’s advice for securing your mail account.

        1 user thanked author for this post.
      • #2302338 Reply
        Kathy Stevens
        AskWoody Plus
        • #2302342 Reply
          Alex5723
          AskWoody Plus

          All links are legitimate but in order to secure your account you need none.
          Just log in manually into your AOL account and secure the account following AOL instructions.
          Do the same within the 3rd party/non AOL app/software you are using to access AOL Mail..

          1 user thanked author for this post.
      • #2302344 Reply
        PKCano
        Da Boss

        This sounds like something I have seen before.
        I have an ATT email address I have had for years.
        Yahoo/OAuth took over the handling of ATT mail services.
        I use Thunderbird as my email client, and OAuth considers TBird (and Outlook and maybe your AOL app) as non-secure applications.
        They now require a 16-charachter passkey in place of the old password when using the clients (pwd stays the same on direct login to ATT though, not the passkey)

        There are at least three previous threads where I explain this. Read through and see if this is your case.

        #2242190, #2287985, and #2296287

        1 user thanked author for this post.
      • #2302343 Reply
        anonymous
        Guest

        ? says:

        hi KS,

        you could rt. click it and look at the header to see where it is from. i use iptracker online to get the info:

        https://www.iptrackeronline.com/

        if the message generates more than one ip use the one with the aterisk(*).

      • #2302350 Reply
        Charlie
        AskWoody Plus

        I still have an AOL account (one of my two email accounts) and I have not gotten anything like you describe from them.

        My memory is still good...but access time is down.

      • #2302375 Reply
        OscarCP
        AskWoody Plus

        I have not received an email such as the one that Kathy Stevens has. At least so far.

        If I were KS, I would login to my AOL account directly, not trough the link in that email, and look inside for any clarifying information. Also one could make a phone call, if necessary finding a number to call, if none is offered at the AOL site, through the Web site of “Talk to a Human” (in the US, at least), or of a similar organization there or elsewhere.

        I have an AOL account because Verizon, my ISP until a few years ago, bought AOL and farmed off the email business to this now subsidiary of theirs. From time to time since then I have received AOL emails advising me to install some application to increase my security that AOL saw as in need of being strengthened — or so those emails read. I’ve never bothered, because I never would even consider installing anything based on the recommendations and, or offerings, of parties I am not sufficiently familiar with, particularly when appearing out of the blue in my mailbox.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        1 user thanked author for this post.
        • #2305103 Reply
          anonymous
          Guest

          Check your Spam.  I received it there.

      • #2302373 Reply
        anonymous
        Guest

        On the email I received, the Reply-To had this address:

        reply-@email.aol.net <reply-HP2v600000174fe32192dc358146e966f4578117@email.aol.net>

      • #2302372 Reply
        anonymous
        Guest

        I have an AOL account and have gotten this exact email, as has another family member.  I appreciate your post and suggestions.

      • #2302463 Reply
        anonymous
        Guest

        One month ago my wife and I with 5 Aol email accounts between us received this Aol notification. We methodically followed the instructions using option2 I wrote to Aol to ask if there was anyway they could check my procedures were carried out correctly to be told that they do not.Fair enough.

        Today both my wife and I have another ” Your account security is out of date “.

        This is starting to make me feel so unsure.

        Is this second notification a polite reminder?

        I would appreciate any suggestions.

        • #2302477 Reply
          Paul T
          AskWoody MVP

          The second may be a reminder, or it could be pointing out an issue you’ve overlooked.

          Is the email the same as the one above?
          If so, do you have a mail client that you use to access AOL, or do you use a browser?

          More details please.

          cheers, Paul

          • #2302567 Reply
            anonymous
            Guest

            Paul T ,

            Thanks for your response and logic.

            After completing the task set by AOL I then wrote to support the following

            Dear Sir/Madam,
            I am writing in relation to an Aol Team correspondence which included the following :
            We’ve noticed that you’re using non-AOL applications (such as third-party email, calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, AOL will no longer support the current sign-in functionality in your application starting on 20 October 2020. This means that you will need to take one of the steps below to continue using your AOL Mail without interruption.

            As there is an October deadline for members to work towards I am concerned about losing any part of the facility I have enjoyed all these years.
            I have carried out the suggested procedure which in this case is for Thunderbird connectivity.After carrying out the deletion and addition procedure everything is working for me as normal.
            My question:Is there any way I can check I am in line for the deadline and beyond?
            Thank you

            The support wrote  back

            Good day,
            Thank you for your reply.
            For privacy and security reasons, we don’t have access to this kind of information related to your account.

            So Paul T ,the latest notification. Subject of email informs me that “Your Account Security Is Out Of Date” telling me in the email that, Us again.Just a Reminder that your Aol account needs your attention before etc etc . Threw me off course quite a bit.

            I think you are right in suggesting that it may be a reminder.

            So I am going to calm down and continue to due date and fingers crossed into the future.Again thank you and thanks for providing this site for reference

      • #2302518 Reply
        anonymous
        Guest

        Had the same email several times; latest today.

        Looked on AOL site which says……..1.an aol icon appears after the sender and before the message. 2. The message itself once open has a “flag” at the top which says “official AOL Mail”

        Only if these 2 criteria are met is the message from AOL. The messages I’ve had did not so I’m assuming they are scams.

        1 user thanked author for this post.
        • #2302551 Reply
          EP
          AskWoody_MVP

          got that email recently and both criteria were met
          so the one I got IS legit

          1 user thanked author for this post.
      • #2302573 Reply
        anonymous
        Guest

        I want to keep my same password when updating my account security but I do not understand how to do it.  I called AOL and got a sales pitch on Life Alert!

      • #2302598 Reply
        anonymous
        Guest

        I  have an IPad and an Android phone.  How do I update my account security withou losing my password?

        • #2302797 Reply
          Paul T
          AskWoody MVP

          We don’t have detailed instructions for AOL security settings. You should visit the AOL site.

          cheers, Paul

        • #2302815 Reply
          EP
          AskWoody_MVP

          since I sometimes access my AOL email on my apple iPhone, I simply remove my AOL account from there and then add it back again – that’s what one of the instructions said from the AOL site

      • #2302791 Reply
        anonymous
        Guest

        Yes, this looks legit BUT peoples frustrating / experiences make it appear otherwise.  What makes me even more suspicious is that I have a client with a Yahoo account that received the same email using the October 20th date.

        I’ve instructed everyone to follow the guidance of this email from their browser login and NOT by clicking any links from the email reminder itself.

        As scams get more and more sophisticated each day, one MUST be more cautious than ever (even 2nd guessing those emails that are 100% legit)

      • #2302796 Reply
        Paul T
        AskWoody MVP

        Is there any way I can check I am in line for the deadline and beyond?

        Short of logging onto AOL and confirming the setup, no.

        If there is an issue post deadline, log onto AOL via your browser and check again – and ask here if required.

        cheers, Paul

      • #2302798 Reply
        agoldhammer
        AskWoody Plus

        @PKCano has the right answer here.  I was one of those who asked this same question a couple of weeks ago when I received a similar email from Yahoo.  If you use the company’s client app to read your email you need not do anything.  The issue comes when you use another email client, in my case Outlook 365.  In this case you need to get a new secure password.  It took me only two minutes to do this for my account and there were no issues at all.

        • #2302817 Reply
          EP
          AskWoody_MVP

          I also have a yahoo email account in addition to the existing aol email account but I do not receive the email message on my yahoo email and only for my AOL email.

        • #2302837 Reply
          Charlie
          AskWoody Plus

          I only access AOL through their website and have not gotten any security emails as described here.  I made a bookmark for the email link on their website (https://mail.aol.com) to make it a lot quicker to sign in.  AOL’s own email program was and possibly still is absolute **** from what I’ve read so I don’t use it or any other email program.  AOL provides all the necessary things on their website to do emails nicely.

          PKCano is right.

          My memory is still good...but access time is down.

      • #2302954 Reply
        PaulaB
        AskWoody Lounger

        I have also received this message several times.

        In response to Paul T’s query, “do you have a mail client that you use to access aol, or do you use a browser”:  I just type aol.com in my browser.  What are the implications of this access mode?

        • #2302958 Reply
          PKCano
          Da Boss

          If you are accessing AOL mail directly through your browser (and not using an email client such as Thunderbird, Outlook, of AOL’s mail client), you should be OK.

          The problem arises because those mail clients mentioned are considered insecure. So OAuth/Yahoo are requiring the creation and use of a 16-character passkey when using those clients to access mail on their servers.

          3 users thanked author for this post.
          • #2304246 Reply
            Win7and10
            AskWoody Lounger

            According to the reference articles I have read there is no mention of a 16 digit password, it is the sign in through the SSL server. Yahoo stopped serving the generic app over a year ago and you have to use their app or go on line via browser directly.

            Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
            Win 10 Home 1909 (HP ENVY i7)

            • #2304299 Reply
              hhodges
              AskWoody Plus

              Yahoo adopted the ‘enhanced’ password assignment for outside (unsecure but still SSL) applications some time ago.  Some old school less popular email applications like Forte Agent, Pegasus, etc can use that password for continued POP/IMAP access.

      • #2303516 Reply
        hhodges
        AskWoody Plus

        I also have a legacy AOL account via their purchase of Compuserve and my email address from long ago, even the numeric name, lives on.  That account was also inherited from MicroNet which Compuseve adsorbed.  Hard to imagine an account that old, but except for the storage and minimal traffic all it means in the world is a MX assignment.  And yes I’ve gotten the notice that non-preferred applications like Outlook or Thunderbird will need a special new passkey for future access.  That can be done via an Aol.com website.  I suspect they think we ought to use their phone app, but I don’t want that on my phone – I really hate the need to enter info on a phone.

        I actually use their web interface mainly but still get those emails telling me about new security issues.  Going direct via their web interface should always work with a normal, usual password.

        1 user thanked author for this post.
      • #2304165 Reply
        anonymous
        Guest

        Trying to follow referenced aol instructions, but can only get version 5.15.0 from Google Play Store.  Instructions indicate version 5.2 is needed.

        If I have 5.15.0 will I be alright?

        • #2304455 Reply
          Paul T
          AskWoody MVP

          5.15.0 is generally a later release than 5.2, so you should be fine with that version.

          Releases tend to be major.minor.patch. So your example would be version 5, update 15, patch 0.

          cheers, Paul

      • #2304239 Reply
        Win7and10
        AskWoody Lounger

        From what I have read and determined, this is a generic email for al those not using an AOL app on their smart phones. When reading the AOL Help section on line, it was determined that you should be using the imap and smtp SSL protocols through your generic email app on your smart phone.

        When you have added your email in the past, there was an icon with AOL and a check mark on it in the generic email app. When you select that it directs you to their SSL protocol. From what I understand some have not used this method and they are asking to use these instructions for access. If you delete your account on your phone within the generic email app and assure that it has been added through the AOL icon provided, the SSL protocol is enabled. You can also check this under the MORE settings and see the SSL IMAP and SMTP servers in place to transmit the email back and forth to your phone. They are asking that this is in place to provide uninterrupted service.

        They have made it very vague and mysterious and their first their email bounced to the spam folder. This is why many are questioning the validity and what I have read regarding those who still have AOL email addresses.

        Per the reference articles:

        1. If possible, use the AOL app or mail.aol.com. Since AOL owns these services, we can ensure you’re always using the most secure sign-in technology when accessing your email.

        2. If you’d prefer to continue using your non-AOL email application, try removing and re-adding your account. Look for the <b>AOL logo</b> when you go to set it up again to activate the secure sign-in method.

        3. If removing and re-adding your account does not work, generate a third party password per their website.

        Most email software and applications have an account settings menu where you’ll need to update the IMAP or POP3 settings. When entering your account info, make sure you use your full email address, including @aol.com, and that the SSL encryption is enabled for incoming and outgoing mail.

        Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
        Win 10 Home 1909 (HP ENVY i7)

        • This reply was modified 2 weeks ago by Win7and10.
        • This reply was modified 2 weeks ago by Win7and10.
      • #2304316 Reply
        anonymous
        Guest

        You are spot on … they pulled the same nonsense in Feb 2019….except rather than scare everybody by telling them to delete their mail account, they just told folks to use SSL.

      • #2304805 Reply
        anonymous
        Guest

        I got the same message, and I assume it is legit and necessary, but I’m worried about the following – Apple documentation says when I remove the account I will lose access to any mail on my computer.  I’ve stored all the mail on my computer, not in the server.  Apple says to back up the mail in a folder in the On My Mac section and I did.  I assume when I restore the account I will transfer those mails back into the mailbox, but I’m worried that it might not work, or I’ll s**** it up somehow…

        Not sure anyone can help me – just venting some anxiety…

      • #2305807 Reply
        anonymous
        Guest

        I am so confused. I am doing nothing and pray my email will still work. ugggg

        Jan

        • #2306599 Reply
          hhodges
          AskWoody Plus

          Well I suppose you will soon find out.  Should your email stop working.: Access Aol via the web https://login.aol.com/account/security  and at the bottom of that page you will find a way to generate a password for nearly any mail application.  That passphrase appears to be four sets of four alpha characters.  Simply change the password in your application to that pass phrase.

          There is a selection for Mac mail, etc.  It’s just changing the password to the one generated by AOL.

    Viewing 22 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: AOL Account Security is Out of Date

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.