Halifax and passcodes and (likely) Windows 11

Mikeyorks

For the past 3 months our joint and singular accounts / Credit cards have suddenly been subject to (unexpected) passcodes in order to Login.

The usual 'do you wish to trust this device' has been absent and the passcodes have continued until I've complained informally to the online Help Desk. No explanation has been offered, just the usual set of questions around 'are you using a different device / is your browser up to date / have you deleted cookies etc'. But on the next invocation of a passcode that has been followed by the pop up to ask if I want to trust the device? And normality has then resumed ........ until the next time.

On the 4th iteration of passcodes I've turned it into a formal complaint but am getting nowhere. I've had the usual 'this is how it's meant to work' and thrown it back at them - but I've stopped short of blaming them entirely as nowhere can I find evidence this is happening on any scale.

I've checked that (I use a desktop PC) no update etc has started deleting Cookies behind my back but suddenly realised (it seemed much longer ago) that I upated to Windows 11 in mid-Feb and the issue would have started shortly afterwards.

We live where the precise opposite to 'the leading edge of technology' applies. When we moved here 9 years ago the internet speed was 0.25Mb and our most frequent visitors, after the postman, were Openreach. There is no mobile signal - but we have had that, in our various homes, ever since mobile networks were live. 

Eventually, with greater authentication on the way, I had to improve things with 2 x 4G aerials on the roof. These are cabled to a data SIM router to give me 20Mb internet / a VOIP connector in order to get rid of the reliance on the Openreach copper connection and mobiles which support 'WiFi calling' in order to guarantee availability of passcodes etc.

A long way of asking if anyone else is suffering from an excess of passcodes which may well have a Windows 11 connection? As it passed me by at the time but, most unusually, I have also had a 'just checking it's you' passcode from PayPal in the similar timeframe.

With no signal at any of the last 3 places we have lived in the past 40 years we do not give out mobile numbers except where absolutely essential. So the mobiles  are never switched on - hence passcodes are a real nuisance.

Any help much appreciated. The hardware configuration is noted only because it suddenly seems my fixed device is suddenly not being fully recognised and I'm uncertain if Windows 11 has a finger in there.

wmb194

Have you tried a different web browser? Is your browser automatically clearing cookies? If so, try turning that off.

Mikeyorks

Thanks.

Yes - I've tried Edge with exactly the same results. 

Cookies - no surreptitious deletion happening behind my back. One of the first things I checked as it's a certain way to create this problem.

I'm really puzzled at the obvious lack of issues elsewhere - hence my noting the hardware etc configuration as that's pretty unique to me. But I can't see why Windows 11 would interface with that differently to Windows 10. We're next but last property on 7Km of old underground copper wire. As well as the water penetration the moles keep eating through it. Openreach then bring it above ground to repair - and the farmers flail it to bits when clearing the hedges / roadside grass! 

sausage_time

I'm starting to see something similar with Chrome.  I'm not certain, but I think it is related to when Chrome is updated and for some reason some web sites are seeing this as a new device.   I'm on Linux (not Windows).  I'll try to gather more data.  It's no more than a minor irritation for me (for now).

dealyboy

Hi OP ...

 Mikeyorks said:

For the past 3 months our joint and singular accounts / Credit cards have suddenly been subject to (unexpected) passcodes in order to Login.

The usual 'do you wish to trust this device' has been absent and the passcodes have continued until I've complained informally to the online Help Desk. No explanation has been offered, just the usual set of questions around 'are you using a different device / is your browser up to date / have you deleted cookies etc'. But on the next invocation of a passcode that has been followed by the pop up to ask if I want to trust the device? And normality has then resumed ........ until the next time.

On the 4th iteration of passcodes I've turned it into a formal complaint but am getting nowhere. I've had the usual 'this is how it's meant to work' and thrown it back at them - but I've stopped short of blaming them entirely as nowhere can I find evidence this is happening on any scale.

I've checked that (I use a desktop PC) no update etc has started deleting Cookies behind my back but suddenly realised (it seemed much longer ago) that I upated to Windows 11 in mid-Feb and the issue would have started shortly afterwards.

We live where the precise opposite to 'the leading edge of technology' applies. When we moved here 9 years ago the internet speed was 0.25Mb and our most frequent visitors, after the postman, were Openreach. There is no mobile signal - but we have had that, in our various homes, ever since mobile networks were live. 

Eventually, with greater authentication on the way, I had to improve things with 2 x 4G aerials on the roof. These are cabled to a data SIM router to give me 20Mb internet / a VOIP connector in order to get rid of the reliance on the Openreach copper connection and mobiles which support 'WiFi calling' in order to guarantee availability of passcodes etc.

A long way of asking if anyone else is suffering from an excess of passcodes which may well have a Windows 11 connection? As it passed me by at the time but, most unusually, I have also had a 'just checking it's you' passcode from PayPal in the similar timeframe.

With no signal at any of the last 3 places we have lived in the past 40 years we do not give out mobile numbers except where absolutely essential. So the mobiles  are never switched on - hence passcodes are a real nuisance.

Any help much appreciated. The hardware configuration is noted only because it suddenly seems my fixed device is suddenly not being fully recognised and I'm uncertain if Windows 11 has a finger in there.

I have had no issues with logging in to online banking and I have been on Windows 11 on my laptop for a year. I have current accounts with about a dozen banks and log in to them all, including Halifax, at least once a month, using Google Chrome browser. I also regularly log in to about another dozen commercial sites.

I presume you're referring to One Time Passcodes included in texts, I only occasionally receive them when performing a transaction, and only Santander (very rarely) and Nationwide (always) require a login OTP.

I do not have broadband but use residential wifi hotspots from my contract with BT Mobile for my laptop's internet.

I do understand the pain, of needing to turn on a mobile device and connecting, I use a basic 2G 'feature' phone, which is always on, to receive important texts. I don't think that telecoms would be a factor in this as it is not a connectivity issue, the platform is not a factor as it just provides the internet/web for online banking and it is not a mobile device app, and I do not think the browser choice is a factor as you do not have a login problem as such. It is much more likely to be Halifax for security reasons based on your accounts' usage.

northwalesd

I took use both Lloyds and Halifax on a Win11 laptop, using Chrome, without having to constantly enter OTPs once I've set the device as trusted.

sausage_time said:

I'm starting to see something similar with Chrome.  I'm not certain, but I think it is related to when Chrome is updated and for some reason some web sites are seeing this as a new device.   I'm on Linux (not Windows).  I'll try to gather more data.  It's no more than a minor irritation for me (for now).

Certainly with those two LBG sites, it does state the device will be trusted until you delete cookies, or the browser is updated. So that is to be expected for them.

Notepad_Phil

Mikeyorks said:

And normality has then resumed ........ until the next time.

How long is the gap between failures? E.g. if you login the next day does it send another passcode?

Also, you say you use the laptop for 'our joint and singular' access. I assume you have different usernames for these, so do you use the same browser for each of them? I seem to remember that with the Halifax a browser stopped being secure for a username if someone logged into that browser with a different username to that which it had previously made secure. Apologies if I'm mistaken on that, but I think that is the reason why on our shared laptop I use a different browser to Mrs Notepad.

miller

A guess - that something has happened with your user profile(s) folders when upgrading from Windows 10 to Windows 11. My understanding is Windows 11 is the first version that asks you to sign in with a Microsoft account rather than a local login and this is where problems can occur. Have a dig around in C:\Users and see if everything looks OK (no weird suffixes appended to folder names/duplication etc.).

Mikeyorks

I'm grateful  to everyone for their replies. It hasn't cracked the problem but it has given me food for thought :- 

sausage_time said:

I'm starting to see something similar with Chrome.  I'm not certain, but I think it is related to when Chrome is updated and for some reason some web sites are seeing this as a new device.

Echoed my thoughts, thanks. I checked this out a few days ago - watched Chrome update - closed everything down and then opened up and Logged into Halifax (and subsequently) without any issues. I thought Chrome updated in background but somehow I provoked it by checking the Version number. The Halifax 'Your Security' tab exhorts me to keep my browser up to date - tells me I'm using  Chrome 125 (which is current for Windows) and then (underlined) asks me to update the browser!

dealyboy said: 

. It is much more likely to be Halifax for security reasons based on your accounts' usage.

Which tends to be the final camouflage they hide behind. But it shouldn't be as our usage is pristine. Prior to retirement I used to look after significant sums destined to Treasury and the security services used to check my financial standing periodically. And I've taken great care to maintain that ever since.

Notepad_Phil said:

How long is the gap between failures? E.g. if you login the next day does it send another passcode?

Also, you say you use the laptop for 'our joint and singular' access. I assume you have different usernames for these, so do you use the same browser for each of them? 

 It's inconsistent but 2 to 3 weeks ......... and with absolutely no obvious catalyst. Hence my looking at Chrome updates as a likely background culprit. But I can't find a history of updates to check if the timeframes seem to concur ... and my limited check, by inadvertently forcing an update, does seem to give that a clean bill of health.
Different usernames / passwords - but same browser. And that configuration has worked happily for years ......... until approx the last 3 months!

miller said:

. Have a dig around in C:\Users and see if everything looks OK (no weird suffixes appended to folder names/duplication etc.).

Thanks. I've done that (to the best of my ability) and nothing stands out.

######################

Grateful for all your assistance.

I knew Halifax had 'tried to 'phone me as there was a missed call - on my mobile - whilst I was retrieving yet another passcode. As a junior 'complaints adviser' had 'phoned me on 3 separate days on my landline a few weeks ago before - passing it up to a superior - there's not much excuse (the online complaint form asks for a contact number). So I'll use that to put them on the back foot. I find " I was of the impression Complaint teams were there to resolve complaints - not make them worse" quite useful under the right circumstances.

I had a letter from Halifax this last Saturday mainly throwing rubbish up in the air. But a significant paragraph alleges that  the pop up to 'trust the device' I'm using and which has appeared only after I've 'phoned them and created an Incident ........... is purely coincidental. But as, after several weeks of nothing but passcodes, the pop up appeared within 48hrs of the abortive mobile call it gives me leverage they won't be able to ignore.

Unfortunately that means a letter - in an envelope - with a stamp. As the Halifax letter is dated 5th May and delivered 25th May - resolution may be a while.

Many thanks.  

Scotjock

Could your ISP be using dynamic ip?
This is very common issue for disconnects/requests for re-authenication

Mikeyorks

The ip is dynamic, thanks.

But the current configuration has been in place, as my fixed desktop, for close to 6 years now. So I can't see why it would suddenly provoke issues. But I'll bear it in mind when I take Halifax to task again.

Outside this sudden issue with passcodes my only prior problem has been a passcode failing to arrive when 'legitimately' issued in respect of a CC purchase for over £1k of heating oil. The 'send me another' button greys out after a further 3 attempts and Halifax initially refused to accept this could happen. 'OTPs are instant' I was told. But - when proven otherwise by the text containing all 4 codes and which arrived a half hour after I'd embarassedly had to dump the transaction - a conversation with them revealed they were using a 3rd party provider to issue the codes. So you're never quite sure what goes on under the surface.