Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Login problems at https://www.nsandi.com

  • 2 replies
  • 0 have this problem
  • 2 views
  • Last reply by wgtwalker

more options

Am I alone having difficulty logging in to (UK savings bank) https://www.nsandi.com, since they introduced two-factor authentication?

1. I go to the login screen https://secure.nsandi.com/thc/policyenforcer/pages/loginB2C.jsf?chainingAction=true&MENU=true&forceLogin=true&q=54676c38-933e-46dd-90a7-7c8a5127a983&p=aa69b759-9e91-4f76-b9be-329d0f9685be&ts=1670588750&c=nsandi&e=nsisecure&rt=Safetynet&h=e4eb2ce3d2ca79deee6728fa3ba9fe55 which prompts me for my account details. 2. There's an "Accept cookies?" pop-up; I click reject all cookies. 3. I enter my login details. 4. There's an "Accept cookies?" pop-up; I click reject all cookies. 5. It takes me back to the login screen which prompts me for my account details. 6. I enter my login details. 7. I get a JSON error message {"error":"ERROR_DURING_DEVICE_REVOKE","errorDescription":"ERROR_DURING_DEVICE_REVOKE"} on what looks like a Firefox diagnostic screen; the "headers" tab shows this:

X-Firefox-Spdy: h2 cache-control: no-cache, no-store, max-age=0, must-revalidate content-encoding: gzip content-security-policy: frame-ancestors 'self' https://sbp-retail-prd-kyd-b2n-vip.nsi.local; content-type: application/json date: Fri, 09 Dec 2022 12:16:52 GMT expires: 0 pragma: no-cache referrer-policy: no-referrer-when-downgrade server: nginx strict-transport-security: max-age=31536000;preload x-cdn: Imperva x-content-type-options: nosniff, nosniff, nosniff x-frame-options: SAMEORIGIN, SAMEORIGIN x-iinfo: 5-7620738-7622339 PNYN RT(1670588150185 61257) q(0 0 0 -1) r(1 1) U6 x-xss-protection: 1; mode=block, 1; mode=block, 1; mode=block

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.7,eo;q=0.3 Connection: keep-alive Content-Length: 1182 Content-Type: application/x-www-form-urlencoded DNT: 1 Host: auth.nsandi.com Origin: https://auth.nsandi.com Referer: https://auth.nsandi.com/api/ta/checkDevice Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-GPC: 1 TE: trailers Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0

8. I click the refresh/reload button 9. There's an "Accept cookies?" pop-up; I click reject all cookies. 10. The "Add trusted device" screen lets me choose a phone number to receive a one-time password. 11. There's an "Accept cookies?" pop-up; I click reject all cookies. 12. I receive the one-time password via text and enter it. 13. There's an "Accept cookies?" pop-up and (beneath it) a "Securing your browser ... please wait..." screen, which eventually is replaced by the "Your accounts screen". 14. I click reject all cookies and FINALLY I'm able to view my nsandi.com account details !

So there seems to be two issues i. The need to enter my login details twice, and then reload the page on receiving JSON "ERROR_DURING_DEVICE_REVOKE" ii. The fact that every step along the way, I get the same "Accept cookies?" pop up - surely having told it my cookie preferences it shouldn't be asking again and again and again...

Because the login dialogue takes me to three different URLs: https://auth.nsandi.com https://secure.nsandi.com https://www.nsandi.com ... I wondered if Firefox's "Enhanced Tracking Protection" was interfering with communication between them (via the browser, during the login process). So I added all three to "Exceptions for enhanced tracking protection". But that didn't make any difference.

My work-around is to login using the Microsoft Edge browser. But it's a pain to having to remember to use my non-preferred/non-default browser for this one account.

Am I alone having difficulty logging in to (UK savings bank) https://www.nsandi.com, since they introduced two-factor authentication? 1. I go to the login screen https://secure.nsandi.com/thc/policyenforcer/pages/loginB2C.jsf?chainingAction=true&MENU=true&forceLogin=true&q=54676c38-933e-46dd-90a7-7c8a5127a983&p=aa69b759-9e91-4f76-b9be-329d0f9685be&ts=1670588750&c=nsandi&e=nsisecure&rt=Safetynet&h=e4eb2ce3d2ca79deee6728fa3ba9fe55 which prompts me for my account details. 2. There's an "Accept cookies?" pop-up; I click reject all cookies. 3. I enter my login details. 4. There's an "Accept cookies?" pop-up; I click reject all cookies. 5. It takes me back to the login screen which prompts me for my account details. 6. I enter my login details. 7. I get a JSON error message {"error":"ERROR_DURING_DEVICE_REVOKE","errorDescription":"ERROR_DURING_DEVICE_REVOKE"} on what looks like a Firefox diagnostic screen; the "headers" tab shows this: X-Firefox-Spdy: h2 cache-control: no-cache, no-store, max-age=0, must-revalidate content-encoding: gzip content-security-policy: frame-ancestors 'self' https://sbp-retail-prd-kyd-b2n-vip.nsi.local; content-type: application/json date: Fri, 09 Dec 2022 12:16:52 GMT expires: 0 pragma: no-cache referrer-policy: no-referrer-when-downgrade server: nginx strict-transport-security: max-age=31536000;preload x-cdn: Imperva x-content-type-options: nosniff, nosniff, nosniff x-frame-options: SAMEORIGIN, SAMEORIGIN x-iinfo: 5-7620738-7622339 PNYN RT(1670588150185 61257) q(0 0 0 -1) r(1 1) U6 x-xss-protection: 1; mode=block, 1; mode=block, 1; mode=block Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.7,eo;q=0.3 Connection: keep-alive Content-Length: 1182 Content-Type: application/x-www-form-urlencoded DNT: 1 Host: auth.nsandi.com Origin: https://auth.nsandi.com Referer: https://auth.nsandi.com/api/ta/checkDevice Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-GPC: 1 TE: trailers Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0 8. I click the refresh/reload button 9. There's an "Accept cookies?" pop-up; I click reject all cookies. 10. The "Add trusted device" screen lets me choose a phone number to receive a one-time password. 11. There's an "Accept cookies?" pop-up; I click reject all cookies. 12. I receive the one-time password via text and enter it. 13. There's an "Accept cookies?" pop-up and (beneath it) a "Securing your browser ... please wait..." screen, which eventually is replaced by the "Your accounts screen". 14. I click reject all cookies and FINALLY I'm able to view my nsandi.com account details ! So there seems to be two issues i. The need to enter my login details twice, and then reload the page on receiving JSON "ERROR_DURING_DEVICE_REVOKE" ii. The fact that every step along the way, I get the same "Accept cookies?" pop up - surely having told it my cookie preferences it shouldn't be asking again and again and again... Because the login dialogue takes me to three different URLs: https://auth.nsandi.com https://secure.nsandi.com https://www.nsandi.com ... I wondered if Firefox's "Enhanced Tracking Protection" was interfering with communication between them (via the browser, during the login process). So I added all three to "Exceptions for enhanced tracking protection". But that didn't make any difference. My work-around is to login using the Microsoft Edge browser. But it's a pain to having to remember to use my non-preferred/non-default browser for this one account.

All Replies (2)

more options

You likely will have to accept some cookies to make this website work properly as if you reject al cookies it fails to work. Those session ID cookies are mandatory to transfer your login state across various domains and with Firefox partitioning cross-site cookies this might even be more important.

more options

OK, so I allowed the pop-up window to store functional cookies on my device, and reconfigured the Firefox settings not to delete cookies for the site. Now, when visiting the site, I am no longer pestered with the "Allow cookies" pop-up window.

But the login problem persists.

From a fresh restart of Firefox, I go to the login page, and enter my account number, surname and password. There's a page saying "Authenticating your device", then I am taken back to the login page and prompted again to enter my account number, surname and password. I enter these details a second time, and am taken to the page https://auth.nsandi.com/api/ta/checkDevice which displays a page with three tabs; the first tab is labelled "JSON" and the page contents says error: "ERROR_DURING_DEVICE_REVOKE" errorDescription: "ERROR_DURING_DEVICE_REVOKE" To proceed, I need to click on the "Refresh" button, and it THEN takes me to the "Add trusted device ... Chose Phone number for OTP" page. I enter the one one-time password and, after a further "authenticating your device" page comes and goes, I am finally logged in.

So... the "secure.nsandi.com" site seems to have some sort of "JSON" problem with firefox (which doesn't occur with MS-Edge), even when I have allowed it to save cookies on my device.