- Arhivirano
Login problems at https://www.nsandi.com
Am I alone having difficulty logging in to (UK savings bank) https://www.nsandi.com, since they introduced two-factor authentication? 1. I go to the login screen https:/… (pročitajte više)
Am I alone having difficulty logging in to (UK savings bank) https://www.nsandi.com, since they introduced two-factor authentication?
1. I go to the login screen https://secure.nsandi.com/thc/policyenforcer/pages/loginB2C.jsf?chainingAction=true&MENU=true&forceLogin=true&q=54676c38-933e-46dd-90a7-7c8a5127a983&p=aa69b759-9e91-4f76-b9be-329d0f9685be&ts=1670588750&c=nsandi&e=nsisecure&rt=Safetynet&h=e4eb2ce3d2ca79deee6728fa3ba9fe55 which prompts me for my account details. 2. There's an "Accept cookies?" pop-up; I click reject all cookies. 3. I enter my login details. 4. There's an "Accept cookies?" pop-up; I click reject all cookies. 5. It takes me back to the login screen which prompts me for my account details. 6. I enter my login details. 7. I get a JSON error message {"error":"ERROR_DURING_DEVICE_REVOKE","errorDescription":"ERROR_DURING_DEVICE_REVOKE"} on what looks like a Firefox diagnostic screen; the "headers" tab shows this:
X-Firefox-Spdy: h2 cache-control: no-cache, no-store, max-age=0, must-revalidate content-encoding: gzip content-security-policy: frame-ancestors 'self' https://sbp-retail-prd-kyd-b2n-vip.nsi.local; content-type: application/json date: Fri, 09 Dec 2022 12:16:52 GMT expires: 0 pragma: no-cache referrer-policy: no-referrer-when-downgrade server: nginx strict-transport-security: max-age=31536000;preload x-cdn: Imperva x-content-type-options: nosniff, nosniff, nosniff x-frame-options: SAMEORIGIN, SAMEORIGIN x-iinfo: 5-7620738-7622339 PNYN RT(1670588150185 61257) q(0 0 0 -1) r(1 1) U6 x-xss-protection: 1; mode=block, 1; mode=block, 1; mode=block
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.7,eo;q=0.3 Connection: keep-alive Content-Length: 1182 Content-Type: application/x-www-form-urlencoded DNT: 1 Host: auth.nsandi.com Origin: https://auth.nsandi.com Referer: https://auth.nsandi.com/api/ta/checkDevice Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-GPC: 1 TE: trailers Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
8. I click the refresh/reload button 9. There's an "Accept cookies?" pop-up; I click reject all cookies. 10. The "Add trusted device" screen lets me choose a phone number to receive a one-time password. 11. There's an "Accept cookies?" pop-up; I click reject all cookies. 12. I receive the one-time password via text and enter it. 13. There's an "Accept cookies?" pop-up and (beneath it) a "Securing your browser ... please wait..." screen, which eventually is replaced by the "Your accounts screen". 14. I click reject all cookies and FINALLY I'm able to view my nsandi.com account details !
So there seems to be two issues i. The need to enter my login details twice, and then reload the page on receiving JSON "ERROR_DURING_DEVICE_REVOKE" ii. The fact that every step along the way, I get the same "Accept cookies?" pop up - surely having told it my cookie preferences it shouldn't be asking again and again and again...
Because the login dialogue takes me to three different URLs: https://auth.nsandi.com https://secure.nsandi.com https://www.nsandi.com ... I wondered if Firefox's "Enhanced Tracking Protection" was interfering with communication between them (via the browser, during the login process). So I added all three to "Exceptions for enhanced tracking protection". But that didn't make any difference.
My work-around is to login using the Microsoft Edge browser. But it's a pain to having to remember to use my non-preferred/non-default browser for this one account.