Let AT&T help you elebrate your dad with Father's Day Gifts that connect us.
Need to update email settings?
loon15's profile

New Member

 • 

16 Messages

Monday, December 19th, 2022 6:11 PM

Adding 2FA to create Secure Mail Key with AT&T Profile

Can you please put 2FA on adding a secure mail key within our AT&T profile? Someone from within the organization keeps adding a Secure Mail Key without my permission. I have to go and delete it at least once every 2 weeks or once a week. This has been going on for quite a some time now. I change my passwords and passcodes weekly and it still happens. Usually when I log onto my account it will text me for a code but this is not happening when this key is added that is why I am thinking it is from within. Could be a rogue employee or 3rd party customer service reps. Who knows but AT&T should be able to figure this out. By adding 2FA to add a secure mail key would solve this problem. BTW I am not the only customer that has this problem. Look in your own forums and see for yourself. PLEASE FIX THIS ASAP!!!!!

FYI... I would quit calling it a SECURE MAIL KEY until it is actually SECURE!

Accepted Solution

Official Solution

Employee

 • 

420 Messages

1 year ago

Hello Community,

We appreciate your patience and thorough responses and comments around this issue.  Thanks to your feedback, and the examples you provided, we were able to identify a new attempt by bad actors to try and get access to some customer's email accounts.  We do our best to put in security measures to prevent these issues from happening, and that's why we have recently been promoting 2-factor authentication.

In the coming days you may be prompted to reset your password as we work to resolve these issues and prevent future attacks.  We know it's frustrating, and appreciate you all working with us to find a solution.

Thanks

Tim, AT&T Customer Specialist

Tutor

 • 

78 Messages

1 year ago

To add emphasis to loon15's post:

I made a quick tally of everybody I could find who reported an incident here.  There are 11 people.  Most report multiple instances.  People describe that they delete their secure mail keys and change their passwords, yet the problem repeats.  This surely isn't simple phishing.

  1. brown27bjb59       2 times
  2. c_zilla                      2 times
  3. callerisinthehouse  1 time
  4. hackedbysecurekey multiple times over the last yea
  5. Huck344                  Every few weeks
  6. invisibleman22015  3 times
  7. loon15                     6-8 times
  8. Margthecar              1 time
  9. randomuser1            1 time
  10. Rickp703                  3 times
  11. unsecuremailkey      multiple times over the last year
This data is collected from another thread in this forum.   (Last update 2022-12-19)

(edited)

New Member

 • 

16 Messages

1 year ago

It's actually happened to me a least 6 - 8 times. I am on a brand new PC and it still happens. It's happening from within the organization for sure. Simple fix. 

2FA to create secure mail key

New Member

 • 

32 Messages

1 year ago

You can add one to my count for a running total of 3 times for me... and if you're keeping track of other stats, I've now changed my email password 4 times and have a completely separate account set up for these forums. I almost never click on links in emails and have made a point not to do so in any message sent to my @att.net account since the 2nd password reset/2nd mail key was added to my account without my permission.

I haven't been phished, guys. Y'all have a problem.

New Member

 • 

19 Messages

1 year ago

3 times had a new security key added in the last 36 hours.  I only use Outlook for email. Thankfully I have been getting the notifications, so able to delete them - but I have had this email a LONG time, and have a lot of stuff tied to it.

There must be a security hole on the AT&T side with some of these old domains (mine is a "sbcglobal.net" addy), and hopefully through all of our complaints on what seems to be a (relatively) new situation they can find a resolution.

New Member

 • 

16 Messages

1 year ago

I sure hope so Rick. I have had my bellsouth.net email address for 20+ years. It is a pain in the butt to switch everything.  I am currently moving to an outlook.com email address which still uses secure mail keys but at least it has 2FA.

New Member

 • 

32 Messages

1 year ago

If you are still holding out hope that AT&T is gonna fix this you are fooling yourself. No amount of threads in this forum can make them care. That's obvious from the dismissive replies and the way they're basically ignoring us. Do yourself a favor and move your most sensitive accounts ASAP. If you want to leave your walmart or reddit accounts on at&t email a bit longer in hopes of not having to migrate, go ahead and gamble with those. But not your bank, credit card, any government accounts, etc.

New Member

 • 

30 Messages

1 year ago

I've had a secure mail key continously added to my account for the last year.  It's always at random times and they are doing it without altering my password. Also they never log into my account to add it, because it doesn't show on the login history page.  
So somehow people are able to randomly generate keys until it connects?  Or there is a security breach in your system.  Or it's a rogue employee putting these keys on people's accounts.  Please address this @ATTHelp @ATTHelpForums @ATTHelpFeedback

New Member

 • 

19 Messages

1 year ago

I don't want to give anyone false hope... BUT - I have not had a security issue for the last 4 days by way of not only redoing my password, BUT I also deleting ALL Security Keys (including this active one that I CREATED)... by way of erasing ALL of the Keys then reissuing a new one for my Outlook mail application, I have not had a breach....  Sure, it's just a matter of time I'm betting; but trying to share with this small group to see if anyone else has erased ALL Secure Keys and started from scratch?  If not, maybe someone can give it a try like I have, with perhaps favorable results.  Invisible - you are ultimately correct, this is free old and they could care less, but it would be ideal if this can be figured out.

Tutor

 • 

78 Messages

1 year ago

FWIW - I did the same thing as Rickp703 the last time my account was attacked.  New password, deleted all secure keys (both legit and not legit).  Created new secure keys.  My accounts has been good so far (several weeks).

I don't have a lot of confidence that this solution with stick.  But it would be good for more people to try it and report on their results.

(edited)

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.