One time password, every freakin time
#1
Original Poster
Join Date: Nov 2006
Programs: Marriott Platinum, Hilton Diamond, IHG Platinum
Posts: 3,692
One time password, every freakin time
Recently, every time I login to Amex.com on any of my regular devices (PCs), it requires an additional OTP by email or SMS. There's no option to remember the device. However, in my 2 step verification page, it shows all these devices are trusted devices, so it makes no sense.
Is this happening to anyone else?
Is this happening to anyone else?
#3
Join Date: Aug 2005
Location: Brooklyn
Programs: Delta Diamond, Bonvoy something good; sometimes other things too
Posts: 5,050
I have been having the same problem as the OP for a while now, at least 3-6 months. Have tried deleting cookies, resetting my trusted device list from elsewhere, etc., and have not come up with a solution but would love any ideas!
#5
Join Date: Aug 2005
Programs: AA LTP, UA, DL, HH, Marriott/SPG
Posts: 585
Yep and it's annoying. In my case, it seems to happen in phases. It started a few months ago. When the next "phase" starts, it seems to occur for 1-2 days and then stops. Last time it happened was about 2 weeks ago.
#9
Join Date: May 2002
Location: Arizona
Posts: 5,688
Could each person who has this problem indicate if they signed up for any of the Amex banking products? The fact that Amex has so many user interface problems is disgusting. I have a theory this is from adding a banking product
#10
Join Date: Aug 2012
Posts: 6,752
LOL...It happens to me, but, at least in my case, I know the reason why. Being paranoid by nature (one of my myriad of faults and failings), I set my browser (Firefox or Safari) to always open in private mode, block 3rd party cookies unless authorized, no-script, ghostery, anti tracking, and clear cookies and history upon closing.
#11
Join Date: Oct 2016
Posts: 3,696
LOL...It happens to me, but, at least in my case, I know the reason why. Being paranoid by nature (one of my myriad of faults and failings), I set my browser (Firefox or Safari) to always open in private mode, block 3rd party cookies unless authorized, no-script, ghostery, anti tracking, and clear cookies and history upon closing.
#12
Join Date: Aug 2012
Posts: 6,752
Ah, I tried it, albeit years ago, and it appeared to be preset customized version of Google Chrome? Personally, I try avoid using Edge or Chrome, unless absolutely necessary. And, I'm so at home and comfortable with customizing Firefox or Safari on my own, I find the somewhat "bespoke" browser experience ideal, at least for my needs.
#13
Join Date: Feb 2011
Location: NYC suburbs
Programs: UA LT Gold (BIS), AA LT Plat (CC SUBs & BD), Hilton Dia (CC), Hyatt Glob (BIB), et. al.
Posts: 3,274
Agreed, very annoying!
Wondering how long I’ll have to receive and input a 6 digit “Re-authentication Key” number whenever logging in to my AmEx account which I’ve never had to do before. 6 month old (basically) sock drawered biz gold, 1 of 6-7 biz golds and plats, notified of a fraudulent $499 charge few days ago, called AmEx, account # cancelled, new card on the way. Since then on the desktop PC website (2 different browsers both with “recognized device”) I’ve had to enter a 6 digit code after entering User ID and password (mobile app still works without this Key via Facial Recognition). Is this forever or time limited? Thank you.
#14
Join Date: Jan 2002
Location: North Oregon Coast
Programs: AS, AA, BA, HH Gold, Marriott Gold, National EE
Posts: 354
It may be possible in some cases that using a VPN which reports different external IP addresses to the server can cause this at times. Even on the same machine and browser, a “new” IP address from the requesting client can trigger this in some authentications.
#15
Join Date: Feb 2011
Location: NYC suburbs
Programs: UA LT Gold (BIS), AA LT Plat (CC SUBs & BD), Hilton Dia (CC), Hyatt Glob (BIB), et. al.
Posts: 3,274
Yippee, I stumbled across a way to end 2FA (perhaps prior to when AmEx would like it to terminate).
AmEx card user for ~20 years, 2 months ago fraud on one of multiple NLL biz plats/golds, account closed, new card mailed. Since then I’ve been required to do 2FA when logging in on desktop Windows PC and for retention calls, not when logging in on mobile Facial-ID device app. My AmEx profile has had my same landline phone # for 20 years, my same mobile # for 5 years.
Landline retention call today, human answered immediately, she confirmed my PIN (which I dislike, I prefer to only enter my PIN to non-human devices), then said “I have to transfer you to our Security Team, I’ll stay on the line”. Security Team guy picked up immediately, before he asked me any questions I said “I’ve been a member for 20 years and I’ve never had to do this 2 Factor Authorization in the past and I think it's because of the recent fraud on one of my accounts and since AmEx can always see the phone number from which I’m calling or the device I’m logging in from, is there any way I can request the 2FA to end?”
He said “let me ask the questions and then I'll look into that.” In this case the 2FA was for him to call my mobile phone while he put the landline call on hold. He called my mobile phone, asked if he was speaking to me, I said “yes, you are.” He ended the mobile phone call, came back on the landline, said “the authorization is complete and I removed the code that requires 2FA.” I said “does removal of the code for 2FA for phone calls also remove the 2FA requirement when I log in on a Windows PC?” He said “yes.” I said “thank you very much, you've made my day.” I logged into my account on my desktop PC immediately afterwards, no two factor authorization required. Happy camper.
AmEx card user for ~20 years, 2 months ago fraud on one of multiple NLL biz plats/golds, account closed, new card mailed. Since then I’ve been required to do 2FA when logging in on desktop Windows PC and for retention calls, not when logging in on mobile Facial-ID device app. My AmEx profile has had my same landline phone # for 20 years, my same mobile # for 5 years.
Landline retention call today, human answered immediately, she confirmed my PIN (which I dislike, I prefer to only enter my PIN to non-human devices), then said “I have to transfer you to our Security Team, I’ll stay on the line”. Security Team guy picked up immediately, before he asked me any questions I said “I’ve been a member for 20 years and I’ve never had to do this 2 Factor Authorization in the past and I think it's because of the recent fraud on one of my accounts and since AmEx can always see the phone number from which I’m calling or the device I’m logging in from, is there any way I can request the 2FA to end?”
He said “let me ask the questions and then I'll look into that.” In this case the 2FA was for him to call my mobile phone while he put the landline call on hold. He called my mobile phone, asked if he was speaking to me, I said “yes, you are.” He ended the mobile phone call, came back on the landline, said “the authorization is complete and I removed the code that requires 2FA.” I said “does removal of the code for 2FA for phone calls also remove the 2FA requirement when I log in on a Windows PC?” He said “yes.” I said “thank you very much, you've made my day.” I logged into my account on my desktop PC immediately afterwards, no two factor authorization required. Happy camper.
Last edited by Dr Jabadski; Oct 21, 2023 at 6:53 am Reason: bold added to some text