AOL and Yahoo merged in 2017 under their parent company at the time, Verizon. All mentions of AOL Mail in this article also refer to Yahoo Mail.
If you have an AOL email address, chances are you had to sign out and sign back in to your email client of choice last week. This was due to updates that AOL made to their authentication servers, which caused all existing authentication tokens to be invalidated. In other words, if you check your email anywhere other than AOL.com (like the Mail app on your phone or computer), you probably got signed out unexpectedly.
Ok, big deal, right? Sign back in. Well…
If you’re like one of my many clients that contacted me last week, it wasn’t that simple, even for those who knew their passwords. For those who didn’t have two-factor authentication enabled, they had to receive codes to a recovery number or email. If they didn’t have those set up, the only option was to return to another device that was already signed in. But wait, didn’t every device get signed out? Uh oh.
Unfortunately, my most important client (my mom) completely lost access to an AOL email address she’s had since 2006. The only recovery option was to remember the answer to a security question she had set up 18 years ago. As a last resort, AOL offers the option to contact a paid support phone number. This already sounds shady, especially since it was AOL’s fault that authentications got reset. Worse yet, when my mom called and paid for support, she wasn’t offered any new recovery methods she hadn’t already tried and remained locked out. Others were successful, but paying to get back in after being forced to log out left a bad taste in their mouths.
Most of these issues resulted from misconfigured security settings, which I find extremely common. In contrast, my AOL account properly secured with a passkey, two-factor authentication, and multiple recovery methods. Yet, when I tried going through the recovery process just to see what it was like, the only option I was allowed to use was my “recovery phrase,” a string of five words which you only get to see once and changes every time you use it. If I wanted to recover my account with my recovery phone or email, I had to call and pay for support, as well as potentially give up sensitive information like a picture of my driver’s license.
This practice is predatory and discriminatory. Since AOL is one of the oldest email providers, many of their users are older and less tech-savvy. By restricting account access under the guise of improved security, they stand to profit off of recovery services for those who simply didn’t know how to, or even that they needed to, update their security settings. I’m no tech conspiracy theorist, so I don’t think the sign in issues last week were intentional. But you can safely bet that AOL made some money off support calls this past weekend. Also, think of the users who pay for AOL’s subscription services and now can’t sign in to cancel if they wanted to.
What’s the alternative?
If you’re a loyal Apple customer, there hasn’t been a better time to switch to iCloud Mail. Last week, Apple began allowing users to change their iCloud email address. So if you’re like me and had an embarrassing iCloud email that made you hesitant to use it, you can finally change it. It also has one of the best privacy policies of any free email provider, and doesn’t litter your inbox with ads. Alternatively, Gmail is one of the most popular and reliable free email providers and comes with all the other benefits of a Google account, such as Google Drive and Sign in with Google. Unfortunately, AOL puts email forwarding behind a paywall, so you can’t simply forward all your emails to your new account.
Before you delete or decommission any email account, you need to consider which people and companies depend on that address to contact you. I generally recommend monitoring your inbox for a year before deleting your account so you can get an idea of who needs to know your new address before you lose access to your old one, including other accounts you’ve set up using that address. Think: For what other online accounts is my username my AOL address?
There’s also no harm in keeping your AOL account, so long as you secure it. The best way is by setting up a passkey, which is a password alternative that is stored on your device and is invisible to the user to prevent phishing attacks. Passkeys belong to the device you set them up on (or in a cloud service like iCloud Keychain or 1Password), so you should never create them on a device you don’t own. Just make sure you have a copy of it when it comes time to upgrade your device. If you haven’t set one up yet, you’ll be asked the next time you sign in to AOL.com in a browser. As long as your account is secure, no one can steal it and use it to impersonate you long after you’ve forgotten it exists.
If AOL’s fearmongering, tabloid-ridden homepage and abysmal privacy practices weren’t enough of a sign to switch to a better email provider, now imagine losing access to your account at random. If you lost access to your AOL account because of the incident last week, I wish you the best of luck in recovering it or sorting out your tech life without it.