[fergusd]

Yesterday I lost my Work EAS account (so not just all Email but all Contacts and Calendar too). The server was, and remains, outlook.office365.com but won't now allow me access - ("Your account is blocked"). Conversely, my Outlook account (eas.outlook.com) survives intact. I'm guessing that Work have either upgraded something or enhanced their defences and thus somehow defeated BB10. Nor can I use an Apple device running iOS 6, though iOS 11 still permits unfettered access. (I thought EAS was EAS, end of.)
Have you had a similar experience with any EAS account and is there a workaround?
For me this is a real killer. We all have our own BB10 final straws, I am sure. If there is not a solution, i think I have read of a Nokia (??) which allows calls, texts and EAS and thus the essential trio of mail, contacts, calendar?? I would loathe to move to Android or iOS.

[conite]

Yesterday I lost my Work EAS account (so not just all Email but all Contacts and Calendar too). The server was, and remains, outlook.office365.com but won't now allow me access - ("Your account is blocked"). Conversely, my Outlook account (eas.outlook.com) survives intact. I'm guessing that Work have either upgraded something or enhanced their defences and thus somehow defeated BB10. Nor can I use an Apple device running iOS 6, though iOS 11 still permits unfettered access. (I thought EAS was EAS, end of.)
Have you had a similar experience with any EAS account and is there a workaround?
For me this is a real killer. We all have our own BB10 final straws, I am sure. If there is not a solution, i think I have read of a Nokia (??) which allows calls, texts and EAS and thus the essential trio of mail, contacts, calendar?? I would loathe to move to Android or iOS.

Your administrator needs to provide you with an app-specific password to use with the HUB. But, they may not want to bother.

[fergusd]

Thank you. I have put the request to IT.
Very dispiriting. Admin's solution to a iOS v.11 user was "Un install your account then Re install it" and apparently for that user this strategy worked. As well as 2 BB10 devices this household has a iOS v.6 and a iOS v.9 device. Re installation of the Work EAS account failed on all 4 machines having previously worked on all 4 up to last Thursday. Haven't a clue how to stitch all these findings together.
I would not have called my work global- or nation-critical in any sense and it is not a financial institution. We all use BYOD (Bring Your Own Device - have I remembered the acronym right?). I wonder whether IT will retract their recent strengthened protections (or even fully understand them).

Posted via CB10

[howarmat]

you really need more secure devices. those are all very very old and unsecure

[Chuck Finley69]

Thank you. I have put the request to IT.
Very dispiriting. Admin's solution to a iOS v.11 user was "Un install your account then Re install it" and apparently for that user this strategy worked. As well as 2 BB10 devices this household has a iOS v.6 and a iOS v.9 device. Re installation of the Work EAS account failed on all 4 machines having previously worked on all 4 up to last Thursday. Haven't a clue how to stitch all these findings together.
I would not have called my work global- or nation-critical in any sense and it is not a financial institution. We all use BYOD (Bring Your Own Device - have I remembered the acronym right?). I wonder whether IT will retract their recent strengthened protections (or even fully understand them).

Posted via CB10

Probably not since it may be due to a system update requirement on their end. Most businesses now have to abide by every increasing privacy standards if maintaining any type of customer information such as name and contact information.

The system or the company itself may have decided or experienced a certain situation that forced this external or internal policy change. Why do you think IT wouldn’t understand their strengthened protocols if they implemented them? If your IT didn’t implement then it would be most likely be a forced upgrade beyond their control? More importantly, why, for any reasons, would you want to be using unsecured ancient protocols exposing your personal data and network? That’s against everything using BlackBerry devices is supposed to accomplish.

[app_Developer]

Email systems have had a lot of vulnerabilities over the years and they are a target for criminals, even if you aren’t directly involved in financial services.

On the iOS side, running 6 or 9 means you’re running with all of the vulnerabilities which have already been published so the entire world knows about the holes. That seems extremely risky.

[Dunt Dunt Dunt]

Thank you. I have put the request to IT.
Very dispiriting. Admin's solution to a iOS v.11 user was "Un install your account then Re install it" and apparently for that user this strategy worked. As well as 2 BB10 devices this household has a iOS v.6 and a iOS v.9 device. Re installation of the Work EAS account failed on all 4 machines having previously worked on all 4 up to last Thursday. Haven't a clue how to stitch all these findings together.
I would not have called my work global- or nation-critical in any sense and it is not a financial institution. We all use BYOD (Bring Your Own Device - have I remembered the acronym right?). I wonder whether IT will retract their recent strengthened protections (or even fully understand them).

Posted via CB10

"retract their recent strengthened protections" Why would they do that?

I think we will see more and more of IT move to the 1+ way of handling Android - supporting current version plus one. Some UEMs now allow for exclusions based on a patch level basis as well. In IT you have to rule out the weakest link.... and that's someone using old hardware with old outdated software on it.

iOS, there is no reason to support anything but the current version...

[anon(10728938)]

"retract their recent strengthened protections" Why would they do that?

I think we will see more and more of IT move to the 1+ way of handling Android - supporting current version plus one. Some UEMs now allow for exclusions based on a patch level basis as well. In IT you have to rule out the weakest link.... and that's someone using old hardware with old outdated software on it.

iOS, there is no reason to support anything but the current version...

Still, OS version would be nothing more than an excuse. Many older versions of Android are still being patched. It's the app itself (Hub Inbox in this case) that is being blocked by IT policy, and the app itself is fully compliant and working on the most current version of Android.

[m3ach]

Still, OS version would be nothing more than an excuse. Many older versions of Android are still being patched. It's the app itself (Hub Inbox in this case) that is being blocked by IT policy, and the app itself is fully compliant and working on the most current version of Android.

The Android version of the Hub is not the same as the BB10 version.

[anon(10728938)]

The Android version of the Hub is not the same as the BB10 version.

Yes, I understand that. Believe it or not, the BlackBerry Android Hub/Inbox is treated as a suspicious third party app as well, even by Google and despite the fact it is up to date on PlayStore and probably one of the most secure and private email clients available on Android. Go figure.

[Chuck Finley69]

Yes, I understand that. Believe it or not, the BlackBerry Android Hub/Inbox is treated as a suspicious third party app as well, even by Google and despite the fact it is up to date on PlayStore and probably one of the most secure and private email clients available on Android. Go figure.

What facts in 2021 are you basing that statement?

Posted via CB10

[anon(10728938)]

What facts in 2021 are you basing that statement?

Posted via CB10

You've obviously never installed Hub+ services (which is required for the BB suite) on a non-BlackBerry Android device.

[conite]

You've obviously never installed Hub+ services (which is required for the BB suite) on a non-BlackBerry Android device.

I think he's referring to the "one of the most secure and private email clients available on Android" statement - which of course is patently false.

[anon(10728938)]

I think he's referring to the "one of the most secure and private email clients available on Android" statement - which of course is patently false.

Which is better then, in your humble opinion(s)? And don't forget to include how it is more secure and more private.

[conite]

Which is better then, in your humble opinion(s)? And don't forget to include how it is more secure and more private.

The HUB doesn't support 2FA, so basically any of the big email clients are better today. The HUB has been out of development for 2 years.

Gmail, Outlook, Aqua, Nine, and many others support it.

[anon(10728938)]

The HUB doesn't support 2FA, so basically any of the big email clients are better today. The HUB has been out of development for 2 years.

Is that your best reason? Which email app supports this, and how? Looking forward to your explanation.

[Chuck Finley69]

You've obviously never installed Hub+ services (which is required for the BB suite) on a non-BlackBerry Android device.

I had it on several of my Alcatel, LG and other non-BlackBerry devices. My Pixel 3a is first Android daily use device that I didn't install since I no longer saw the value. As conite wrote, I was referring to other part of your statement.

Posted via CB10

[anon(10728938)]

I had it on several of my Alcatel, LG and other non-BlackBerry devices. My Pixel 3a is first Android daily use device that I didn't install since I no longer saw the value. As conite wrote, I was referring to other part of your statement.

Posted via CB10

Good to know. You can also feel free to chime how your email app of choice is more secure and private than Hub+ Inbox. In 2021.

I see you are posting from a BB10 device. Good choice. Still works great for email doesn't it? You would think it was rocket science to develop an email app that doesn't have to scan your emails to justify its existence...

[conite]

Good to know. You can also feel free to chime how your email app of choice is more secure and private than Hub+ Inbox. In 2021.

If no support for 2FA, and a client that hasn't been updated in 2 years don't bother you, what would?

[anon(10728938)]

If no support for 2FA, and a client that hasn't been updated in 2 years don't bother you, what would?

You didn't answer my question.

[conite]

You didn't answer my question.

What question? I provided a list of better clients that don't require server configurations to allow for "less secure apps".

[anon(10728938)]

What question? I provided a list of better clients that don't require server configurations to allow for "less secure apps".

I am still waiting for your explanation how an email client app uses 2FA. While your at it, perhaps you can explain how that has anything to do with whether or not a server/provider will accept a specific app without requesting an app specific password? What does that have to do with the email app itself and how it works?

[bh7171]

The HUB doesn't support 2FA, so basically any of the big email clients are better today. The HUB has been out of development for 2 years.

Gmail, Outlook, Aqua, Nine, and many others support it.

If your email hosting client uses Office 365 on their end and you run them through the HUB as I do one's email is about as secure as any.

[app_Developer]

I am still waiting for your explanation how an email client app uses 2FA. While your at it, perhaps you can explain how that has anything to do with whether or not a server/provider will accept a specific app without requesting an app specific password? What does that have to do with the email app itself and how it works?

App specific passwords are not as secure as M(2)FA because:

1.) Obviously it's only single factor
2.) How do you rotate/change the password? It's a manual process, that will not meet security standards in most companies today

I don't connect my Android device to Exchange, but I'm sure the Outlook app supports this correctly. On iOS, support for MFA is more straightforward and so Outlook and the built-in Mail app *both* the correct standard.

[anon(10728938)]

App specific passwords are not as secure as M(2)FA because:

1.) Obviously it's only single factor
2.) How do you rotate/change the password? It's a manual process, that will not meet security standards in most companies today

I don't connect my Android device to Exchange, but I'm sure the Outlook app supports this correctly. On iOS, support for MFA is more straightforward and so Outlook and the built-in Mail app *both* the correct standard.

That's an interesting theoretical argument, but no email app I am aware of uses 2FA protocols to communicate with the email server, even for the initial account setup, so I still have no idea what you people are taking about?

BlackBerry Hub Inbox, as well as other email apps, need you to allow administrator access to your Outlook account. A special splash screen comes up that you must agree to. That is pretty much the extent of it. The same occurs for Samsung Email, and Outlook. I have two Outlook Exchange accounts, the only time I am required to use 2FA is to login directly to my Microsoft Account. Email apps having access to the servers seems entirely arbitrary, based on the policy of the host server. For example, Yahoo/Rogers accounts allow Samsung Email to use the main account password, but forces an app password for BlackBerry Inbox. No 2FA involved for either. Similarly, I have no idea why Google has a problem with Hub Inbox and flags it as a security concern when first installed, even though Google itself never requires 2FA for email access or even to login to your account for that matter. Google doesn't even require a phone number.

As far as I can tell this entire process - when it comes to email at least - is a sham that is engineered to draw users away from competing platforms, and encourage you to use the apps of the main email service providers. Any suggestion that BlackBerry is less secure simply because the security policies of big tech has arbitrarily slammed the door in its face is obviously bogus. The real answer is they don't want any competition.