AOL Account Security is Out of Date

Topic

New Reply

We have a legacy Aol email account that continues to receive occasional emails from old contacts so we want to be able to continue monitoring it.

We have recently started to receive emails from “Aol” saying that our account security is out of date and we need to update it.

We are concerned about the possibility of a phishing attack.

Is anyone else receiving the notice from Aol?

See below

“Hi AOL Member,

Us again. Just a reminder that your AOL Mail account needs your attention before 20 October 2020. Security is incredibly important to us, and in order to keep your account safe we’re requiring an updated secure sign-in when accessing your account from unofficial or non-Yahoo apps.

There are a few ways to keep your inbox running without interruption:

Option 1: We recommend that you access your email using our free AOL app for iOS and Android or simply go to mail.aol.com to access AOL Mail on the web.

Option 2: Keep your current, non-AOL app, BUT follow a few steps to get it to sync with our secure sign-in method. The steps vary across different email applications, but in most cases, you will have to remove your AOL account from the app and then add it back again to update the sign-in security. Use the links below to follow the specific steps for your current application:

• iOS Mail
• Gmail
• Samsung Mail
• Others

Option 3: You can generate a one-time, unique password that will allow you to sign in to your account using your non-AOL email application. Once created, this password will continue to allow your app to securely sync your AOL email unless you sign out (or are signed out) from your app. You can find instructions on how to do this here.

Want more details? Please visit our help page. If you’ve already taken action, you can skip the above and go back to doing what you love in your inbox.

Thanks again for being an AOL Mail fan!”

Reply | Quote

Replies

It doesn’t seem to be phishing as there are no links or requests for data/log-in…

Take AOL’s advice for securing your mail account.

1 user thanked author for this post.

Kathy Stevens

Reply | Quote

There are links embed in the email including:

https://apps.apple.com/US/app/id646100661?mt=8

https://login.aol.com/?.src=guce-mail&lang=nb-NO&done=https%3A%2F%2Fmail.aol.com%2F

https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_2bea38c1-6c2c-4b5a-ba45-5f692a53b665#iosmail

https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_60d62524-513d-49a9-8c8c-5dede1d8c409#gmail

https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_42bb9af0-59eb-4a39-b82f-8c265ca66d70#samsungmail

https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_78ed96d3-361e-4137-9628-96b8409cc9bf#others

 

Reply | Quote

All links are legitimate but in order to secure your account you need none.
Just log in manually into your AOL account and secure the account following AOL instructions.
Do the same within the 3rd party/non AOL app/software you are using to access AOL Mail..

1 user thanked author for this post.

Kathy Stevens

Reply | Quote

This sounds like something I have seen before.
I have an ATT email address I have had for years.
Yahoo/OAuth took over the handling of ATT mail services.
I use Thunderbird as my email client, and OAuth considers TBird (and Outlook and maybe your AOL app) as non-secure applications.
They now require a 16-charachter passkey in place of the old password when using the clients (pwd stays the same on direct login to ATT though, not the passkey)

There are at least three previous threads where I explain this. Read through and see if this is your case.

#2242190, #2287985, and #2296287

2 users thanked author for this post.

Cybertooth, Kathy Stevens

Reply | Quote

? says:

hi KS,

you could rt. click it and look at the header to see where it is from. i use iptracker online to get the info:

https://www.iptrackeronline.com/

if the message generates more than one ip use the one with the aterisk(*).

Reply | Quote

I still have an AOL account (one of my two email accounts) and I have not gotten anything like you describe from them.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

I have not received an email such as the one that Kathy Stevens has. At least so far.

If I were KS, I would login to my AOL account directly, not trough the link in that email, and look inside for any clarifying information. Also one could make a phone call, if necessary finding a number to call, if none is offered at the AOL site, through the Web site of “Talk to a Human” (in the US, at least), or of a similar organization there or elsewhere.

I have an AOL account because Verizon, my ISP until a few years ago, bought AOL and farmed off the email business to this now subsidiary of theirs. From time to time since then I have received AOL emails advising me to install some application to increase my security that AOL saw as in need of being strengthened — or so those emails read. I’ve never bothered, because I never would even consider installing anything based on the recommendations and, or offerings, of parties I am not sufficiently familiar with, particularly when appearing out of the blue in my mailbox.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Charlie

Reply | Quote

Check your Spam.  I received it there.

Reply | Quote

On the email I received, the Reply-To had this address:

reply-@email.aol.net <reply-HP2v600000174fe32192dc358146e966f4578117@email.aol.net>

Reply | Quote

I have an AOL account and have gotten this exact email, as has another family member.  I appreciate your post and suggestions.

Reply | Quote

One month ago my wife and I with 5 Aol email accounts between us received this Aol notification. We methodically followed the instructions using option2 I wrote to Aol to ask if there was anyway they could check my procedures were carried out correctly to be told that they do not.Fair enough.

Today both my wife and I have another ” Your account security is out of date “.

This is starting to make me feel so unsure.

Is this second notification a polite reminder?

I would appreciate any suggestions.

Reply | Quote

The second may be a reminder, or it could be pointing out an issue you’ve overlooked.

Is the email the same as the one above?
If so, do you have a mail client that you use to access AOL, or do you use a browser?

More details please.

cheers, Paul

Reply | Quote

Paul T ,

Thanks for your response and logic.

After completing the task set by AOL I then wrote to support the following

Dear Sir/Madam,
I am writing in relation to an Aol Team correspondence which included the following :
We’ve noticed that you’re using non-AOL applications (such as third-party email, calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, AOL will no longer support the current sign-in functionality in your application starting on 20 October 2020. This means that you will need to take one of the steps below to continue using your AOL Mail without interruption.

As there is an October deadline for members to work towards I am concerned about losing any part of the facility I have enjoyed all these years.
I have carried out the suggested procedure which in this case is for Thunderbird connectivity.After carrying out the deletion and addition procedure everything is working for me as normal.
My question:Is there any way I can check I am in line for the deadline and beyond?
Thank you

The support wrote  back

Good day,
Thank you for your reply.
For privacy and security reasons, we don’t have access to this kind of information related to your account.

So Paul T ,the latest notification. Subject of email informs me that “Your Account Security Is Out Of Date” telling me in the email that, Us again.Just a Reminder that your Aol account needs your attention before etc etc . Threw me off course quite a bit.

I think you are right in suggesting that it may be a reminder.

So I am going to calm down and continue to due date and fingers crossed into the future.Again thank you and thanks for providing this site for reference

Reply | Quote

Please see #2302344 above.

Reply | Quote

Had the same email several times; latest today.

Looked on AOL site which says……..1.an aol icon appears after the sender and before the message. 2. The message itself once open has a “flag” at the top which says “official AOL Mail”

Only if these 2 criteria are met is the message from AOL. The messages I’ve had did not so I’m assuming they are scams.

1 user thanked author for this post.

Charlie

Reply | Quote

got that email recently and both criteria were met
so the one I got IS legit

1 user thanked author for this post.

OscarCP

Reply | Quote

I want to keep my same password when updating my account security but I do not understand how to do it.  I called AOL and got a sales pitch on Life Alert!

Reply | Quote

Please see #2302344 above.

Reply | Quote

I  have an IPad and an Android phone.  How do I update my account security withou losing my password?

Reply | Quote

We don’t have detailed instructions for AOL security settings. You should visit the AOL site.

cheers, Paul

Reply | Quote

since I sometimes access my AOL email on my apple iPhone, I simply remove my AOL account from there and then add it back again – that’s what one of the instructions said from the AOL site

Reply | Quote

Yes, this looks legit BUT peoples frustrating / experiences make it appear otherwise.  What makes me even more suspicious is that I have a client with a Yahoo account that received the same email using the October 20th date.

I’ve instructed everyone to follow the guidance of this email from their browser login and NOT by clicking any links from the email reminder itself.

As scams get more and more sophisticated each day, one MUST be more cautious than ever (even 2nd guessing those emails that are 100% legit)

Reply | Quote

anonymous wrote:

Is there any way I can check I am in line for the deadline and beyond?

Short of logging onto AOL and confirming the setup, no.

If there is an issue post deadline, log onto AOL via your browser and check again – and ask here if required.

cheers, Paul

Reply | Quote

@PKCano has the right answer here.  I was one of those who asked this same question a couple of weeks ago when I received a similar email from Yahoo.  If you use the company’s client app to read your email you need not do anything.  The issue comes when you use another email client, in my case Outlook 365.  In this case you need to get a new secure password.  It took me only two minutes to do this for my account and there were no issues at all.

Reply | Quote

I also have a yahoo email account in addition to the existing aol email account but I do not receive the email message on my yahoo email and only for my AOL email.

Reply | Quote

I only access AOL through their website and have not gotten any security emails as described here.  I made a bookmark for the email link on their website (https://mail.aol.com) to make it a lot quicker to sign in.  AOL’s own email program was and possibly still is absolute **** from what I’ve read so I don’t use it or any other email program.  AOL provides all the necessary things on their website to do emails nicely.

PKCano is right.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

I have also received this message several times.

In response to Paul T’s query, “do you have a mail client that you use to access aol, or do you use a browser”:  I just type aol.com in my browser.  What are the implications of this access mode?

Reply | Quote

If you are accessing AOL mail directly through your browser (and not using an email client such as Thunderbird, Outlook, of AOL’s mail client), you should be OK.

The problem arises because those mail clients mentioned are considered insecure. So OAuth/Yahoo are requiring the creation and use of a 16-character passkey when using those clients to access mail on their servers.

3 users thanked author for this post.

Win7and10, hhodges, PaulaB

Reply | Quote

According to the reference articles I have read there is no mention of a 16 digit password, it is the sign in through the SSL server. Yahoo stopped serving the generic app over a year ago and you have to use their app or go on line via browser directly.

Win 10 Home 22H2

Reply | Quote

Yahoo adopted the ‘enhanced’ password assignment for outside (unsecure but still SSL) applications some time ago.  Some old school less popular email applications like Forte Agent, Pegasus, etc can use that password for continued POP/IMAP access.

Reply | Quote

I also have a legacy AOL account via their purchase of Compuserve and my email address from long ago, even the numeric name, lives on.  That account was also inherited from MicroNet which Compuseve adsorbed.  Hard to imagine an account that old, but except for the storage and minimal traffic all it means in the world is a MX assignment.  And yes I’ve gotten the notice that non-preferred applications like Outlook or Thunderbird will need a special new passkey for future access.  That can be done via an Aol.com website.  I suspect they think we ought to use their phone app, but I don’t want that on my phone – I really hate the need to enter info on a phone.

I actually use their web interface mainly but still get those emails telling me about new security issues.  Going direct via their web interface should always work with a normal, usual password.

1 user thanked author for this post.

Paul T

Reply | Quote

Trying to follow referenced aol instructions, but can only get version 5.15.0 from Google Play Store.  Instructions indicate version 5.2 is needed.

If I have 5.15.0 will I be alright?

Reply | Quote

5.15.0 is generally a later release than 5.2, so you should be fine with that version.

Releases tend to be major.minor.patch. So your example would be version 5, update 15, patch 0.

cheers, Paul

Reply | Quote

[Win7and10]

From what I have read and determined, this is a generic email for al those not using an AOL app on their smart phones. When reading the AOL Help section on line, it was determined that you should be using the imap and smtp SSL protocols through your generic email app on your smart phone.

When you have added your email in the past, there was an icon with AOL and a check mark on it in the generic email app. When you select that it directs you to their SSL protocol. From what I understand some have not used this method and they are asking to use these instructions for access. If you delete your account on your phone within the generic email app and assure that it has been added through the AOL icon provided, the SSL protocol is enabled. You can also check this under the MORE settings and see the SSL IMAP and SMTP servers in place to transmit the email back and forth to your phone. They are asking that this is in place to provide uninterrupted service.

They have made it very vague and mysterious and their first their email bounced to the spam folder. This is why many are questioning the validity and what I have read regarding those who still have AOL email addresses.

Per the reference articles:

1. If possible, use the AOL app or mail.aol.com. Since AOL owns these services, we can ensure you’re always using the most secure sign-in technology when accessing your email.

2. If you’d prefer to continue using your non-AOL email application, try removing and re-adding your account. Look for the <b>AOL logo</b> when you go to set it up again to activate the secure sign-in method.

3. If removing and re-adding your account does not work, generate a third party password per their website.

Most email software and applications have an account settings menu where you’ll need to update the IMAP or POP3 settings. When entering your account info, make sure you use your full email address, including @aol.com, and that the SSL encryption is enabled for incoming and outgoing mail.

Win 10 Home 22H2

• This reply was modified 4 years, 5 months ago by Win7and10.
• This reply was modified 4 years, 5 months ago by Win7and10.

Reply | Quote

You are spot on … they pulled the same nonsense in Feb 2019….except rather than scare everybody by telling them to delete their mail account, they just told folks to use SSL.

Reply | Quote

I got the same message, and I assume it is legit and necessary, but I’m worried about the following – Apple documentation says when I remove the account I will lose access to any mail on my computer.  I’ve stored all the mail on my computer, not in the server.  Apple says to back up the mail in a folder in the On My Mac section and I did.  I assume when I restore the account I will transfer those mails back into the mailbox, but I’m worried that it might not work, or I’ll s**** it up somehow…

Not sure anyone can help me – just venting some anxiety…

Reply | Quote

Wise to back up, not sure why you need to “remove the account”.  Did you try to update via https://help.aol.com/articles/update-to-latest-aol-mobile-app-version?

If you are not using the AOL application under IOS (Apple) then that application will need the passphrase generated by AOL via web access.

It’s hard to track threading by “anonymous” postings….

Reply | Quote

I am so confused. I am doing nothing and pray my email will still work. ugggg

Jan

Reply | Quote

Well I suppose you will soon find out.  Should your email stop working.: Access Aol via the web https://login.aol.com/account/security  and at the bottom of that page you will find a way to generate a password for nearly any mail application.  That passphrase appears to be four sets of four alpha characters.  Simply change the password in your application to that pass phrase.

There is a selection for Mac mail, etc.  It’s just changing the password to the one generated by AOL.

Reply | Quote

I follow these instructions and get passwords for ipad, iphone and desktop and us them but in three days I get the same message and I cannot get my emails. Why?

Reply | Quote

“I get the same message and I cannot get my emails. Why?”

What does the message say?  Did you change the password on those devices to that pass phrase given to you by AOL?  What happens when you attempt to login?

Can you access your mail using mail.aol.com?

Reply | Quote