Constant need to "verify" devices

[Amethyst]

I use 3 computing devices: a PC with large screen, an elderly laptop, and a smartphone when away from the larger devices. ("Away" can mean in another part of the house, so still within our Wifi network).

Every banking site, Vanguard, credit cards, the TSP, Blue Cross Blue Shield, etc. requires each device to be verified with a number sent via email or phone. I understand the need for this, particularly when traveling.

Trouble is, the verification doesn't stick. When the site says "Your device is verified for the next three months," it's a lie.

It has gotten to where I am answering the phone or checking email (particularly annoying on the smartphone) for these sites every day - even when I just verified the device the previous day.

Am I the only one?

 

[Another Reader]

No you are not and it's very aggravating.

 

[kcowan]

Same here. It used to be strictly from a different IP and now it is every time.

 

[braumeister]

They're not verifying the device; they're verifying its operator.

 

[Calico]

It isn't every time, but it certainly seems to be far more frequently these days that I am asked to verify.

It is very annoying, but less annoying than having my identity or bank accounts hacked, so I grit my teeth (and possibly say some bad words!) and do it.

Sometimes (not always, but sometimes) selecting "Remember this device/Remember me" seems to make the verification "stick" a bit longer, although there doesn't seem to be any rhyme or reason to it.

 

[ivinsfan]

My bank switched toa more secure system 56 months ago. I have text alerts for everything under the sun...busy during the summer and not around my main log in computer. After 90 days the bank deactivated my user name.

 

[Gumby]

I deliberately avoid turning off the two factor authentication feature. It is a little more inconvenient for me to have to input the code they text me every time, but I'm willing to suffer some inconvenience for increased security

 

[Major Tom]

I never verify a device. I act as if my personal devices are public ones, and go through the whole verification process each time. However, I also double and triple check that all faucets are off, that the toilet valve has shut-off completely after refilling the tank, the toilet lid is closed (I have a cat and have a fear she will get stuck in the toilet and be unable to get out), all windows are closed, and my cat is breathing and OK, every time I leave the house.

It's best to be sure

 

[OldShooter]

The situations I am familiar with, the bank or brokerage saves a cookie indicating that the device is verified. If the web site finds the cookie, the verification code dance is not invoked. Schwab and USBank are like this.

My browser is set to clear all cookies each time it is closed. I tend to leave it open too much, but when I do close and re-open I do have to do all the dances again. It may be, too, that some verification cookies have time limits that cause the dance to be needed again.

 

[mpeirce]

I have the same issue with this website. I have to log into it from the same machine a few times every day.

 

[REWahoo]

I have the same issue with this website. I have to log into it from the same machine a few times every day.

If you are referring to E-R.org, be sure to check the "Remember me" box when logging in.

 

[Chuckanut]

It's not a bug, it's a security feature.

Blame the bad guys who do things like encrypt your data and demand a ransom to get the de-crypt key.

 

[harllee]

On financial sites I never click the remember this device feature. I always want to get the text for 2 factor authentication. I like the safety feature and it only takes a minute.

 

[COcheesehead]

I find clicking on the “remember me” on the sign-in page helps 90% of the time. I still occasionally have to go through the verification process, but less and less.

 

[frayne]

Guess, I can understand the intent and can give a pass to the PIA factor for the sake of keeping financial account(s) access secure. Small price to pay and a truly first world problem. Now give me the name of your first dog, high school mascot, mother's maiden name and horoscope sign of your second HS sweetheart.

 

[cathy63]

If you *do* want your device to be remembered, make sure you:
- use the same Windows account each time you restart the computers
- use the same browser each time you access the problematic websites
- have your browser settings enabled to allow all cookies
- don't use "incognito" or "in private" browser windows
- don't use any settings or 3rd party tools that automatically delete cookies or clear your browser cache when you exit your browser, or after a specific period of time elapses

 

[Amethyst]

Cathy,

I already do all or most of these things. The maddening constant-ness started with the BCBS web site a couple of years ago, and has spread to the others over maybe the past 6 months. Seriously - I can verify the laptop, then the smartphone, then go back to the laptop that same day and have to go through the rigmarole again.

If you *do* want your device to be remembered, make sure you:
- use the same Windows account each time you restart the computers
- use the same browser each time you access the problematic websites
- have your browser settings enabled to allow all cookies
- don't use "incognito" or "in private" browser windows
- don't use any settings or 3rd party tools that automatically delete cookies or clear your browser cache when you exit your browser, or after a specific period of time elapses

 

[NW-Bound]

If you *do* want your device to be remembered, make sure you:
- use the same Windows account each time you restart the computers
- use the same browser each time you access the problematic websites
- have your browser settings enabled to allow all cookies
- don't use "incognito" or "in private" browser windows
- don't use any settings or 3rd party tools that automatically delete cookies or clear your browser cache when you exit your browser, or after a specific period of time elapses

For a long time now, Treasury Direct Web site can never store/retrieve its cookie when I access it with Google Chrome. It forces me to authenticate via an email every time.

Yet, other Web sites do not have this problem with Google Chrome.

And I found that Treasury Direct cookies worked OK with MS Edge browser.

 

[RunningBum]

Cathy,

I already do all or most of these things. The maddening constant-ness started with the BCBS web site a couple of years ago, and has spread to the others over maybe the past 6 months. Seriously - I can verify the laptop, then the smartphone, then go back to the laptop that same day and have to go through the rigmarole again.

Any chance you're losing internet or your router is getting reset? Or do you use a cell hotspot? Those would likely have changing IP addresses, which would make it look like a new device to those websites. Since you're seeing this at multiple websites, it is likely to be something on your end.

 

[Amethyst]

No hotspot, and no indication of router issues.

I'm using Chrome.

Any chance you're losing internet or your router is getting reset? Or do you use a cell hotspot? Those would likely have changing IP addresses, which would make it look like a new device to those websites. Since you're seeing this at multiple websites, it is likely to be something on your end.

 

[rk911]

ya can't be too careful.

 

[MC Rider]

Try Firefox?

 

[cathy63]

Cathy,

I already do all or most of these things. The maddening constant-ness started with the BCBS web site a couple of years ago, and has spread to the others over maybe the past 6 months. Seriously - I can verify the laptop, then the smartphone, then go back to the laptop that same day and have to go through the rigmarole again.

Are you able to use the laptop twice in a row if you don't use the smartphone in between? It may be that these sites are storing device info on the server side as well as on your devices and they can only handle one authenticated device per user, so that when you switch to the smartphone you're erasing the stored info about the laptop. I am not having these types of problems, but I generally use apps on my phone rather than accessing an institution's website via a browser.

 

[RobbieB]

I don't have these problems.

 

[MC Rider]

I don't have these problems.

For some reason Lucky Man by ELP popped into my head.