Continued access requires re-confirmation

Ask Anything
1

Tiller friends
i used to refresh the my bank transactions on the tiller portal whenever i wanted “near realtime” data.
now i am getting this error:
“Continued access requires re-confirmation with Tiller every 30 days”
what does that mean?
is it a new “feature” or just service degradation?

i do NOT have 2FA

1 Like
2

Here’s some info on refreshes that may help:

What is Yodlee’s refresh policy?
Yodlee considers opening the “refresh” or “edit credentials” tool from the Tiller Console (https://my.tillerhq.com) as activity. Only visiting the Console will not count as “activity” to Yodlee, you must manually refresh at least one institution.

  • Frequently changing finance accounts (bank, card, investments) are refreshed daily for users who are active within the last 30 days.
  • Frequently changing finance accounts are refreshed every 3 days for users who have been active between 30-45 days ago.
  • Frequently changing finance accounts are refreshed weekly for users who have been active between 45-90 days ago.
  • Low frequency finance accounts (loan, mortgage, insurance, bills) and non-finance accounts (rewards, email) are refreshed weekly for users who are active within the last 30 days.
  • Low frequency finance and non-finance accounts are refreshed every two weeks for users who have been active between 30-90 days ago.
  • Refreshes are stopped for users inactive for over 90 days for any account.
  • If a user is inactive for over 90 days, then user needs to manually refresh the account for automatic refresh to start working again.
3

@Mark.S - I think this is something different. I get the message @michaelo received periodically from different institutions (and I refresh all of my accounts pretty much daily). I think this is coming from the institutional side to ensure that we intend to continue to share our data with a third-party like Tiller.

1 Like
4

Agree, this is something different. I’ve been using Tiller for years and this feels like Yodlee had some kind of security breach and logged everyone out. I can’t think of another reason all of my financial institutions suddenly required me to log in again. If it were truly a result of needing to login every 30 or 90 days then each institution would come up for re-login on a different day, not all at once. I’ve been using Tiller for for years and this is the first something like this has happened.

Its something Tiller or Yodlee should be sending out information about.

1 Like
5

I could be wrong, but I don’t think this is a Tiller/Yodlee thing. At least in my case, it’s requiring me to log in not just for the sake of logging in, but to reauthorize sharing data with Tiller/Yodlee on the bank’s website. In non-Tiller settings, I’ve noticed more and more institutions adopting this protocol to ensure that we know with whom our data is being shared. It is new, but I think it’s new from the banks.

6

There is a lot of good information in that document that Mark linked to:

If using auto refresh:

How can I tell whether my accounts will automatically refresh?

Any accounts that have a blue refresh button and a last refresh timestamp of greater than 36 hours ago most likely require your intervention (possibly every day or every few days) to re-authorize and pull data. This is likely because:

  • You have multi-factor (MFA) or two-factor (2FA) authentication turned on

  • Your bank expects you to have 2FA turned on, even if you don’t

  • The auto refresh has been disabled for this site

Also,

Why do I have to re-authenticate so frequently?

The access token or session our data provider makes with the bank may last a day or it may only last a few minutes, but expect the account to disconnect. The access window has expired for that specific code or session. (e.g. when you’re logged in directly to the bank’s website after a minute or so of inactivity the bank site will log you out automatically). The exact timing of the disconnect varies by institution.

7

Not to repeat myself, but I’ll repeat myself: this is a different issue than refreshing and the standard 2FA prompt for a six-digit code. I have 2FA turned on for everything I can. I refresh my accounts daily. Within the last 72 hours, I’ve had to reauthorize two different banks (Chase and American Express) to continue to share my data with Tiller/Yodlee. It’s not a normal 2FA prompt. When it pops up, I’ve been taken to the bank’s website where I’ve needed to login and go through a process of reauthorizing them to continue to share my data.

8

I’ll be on the lookout for this with Chase. I have a couple Chase credit cards and so far I haven’t seen this (not to say it isn’t a thing). I lately only manually refresh when auto-refresh hasn’t happened in 3 days, or so, and that doesn’t happen with Chase for me.

9

I can also confirm that something must have happened as i had about 10 of my institutions needing re-authentication and re-connection where it sends email confirmation of data sharing almost like an initial setup of account.

2 Likes
10

I just received the Tiller / Yodlee re-confirmation for Chase credit card (Amazon Prime).

2 Likes
11

See? We weren’t making it up! :slight_smile:

1 Like
12

I had AMEX prompt me to take some action. I was notified that I’d need to do every 90 days.

2 Likes
13

@dmetiller I see that. You were right. I always value your knowledge and insight.

1 Like
14

Hi again
to clarify, when you say active what do you refer to? active on the tiller portal? or in updating the excel?
i am updating the excel every few days but i rarely visit the portal. however at this time most of my accounts are falling out of sync and all need to be authenticated again.
is that a “bug” or anew policy moving forward?

2 Likes
15

I’m having the same issue with Chase and Amex. Ive authorized Tiller on both websites, but it’s not refreshing on the Tiller side. When I click “Continue” to authorize from Tiller side, it gives me an error message. This is really igniting my OCD.

16

Hi @michaelo Michael,

As far as how “active” is being defined, those are not my words, they come from the linked help guide quoted by @Mark.S and myself. I can’t elaborate on the various criteria mentioned. The help desk would be the best place to ask.

As far as what has changed to trigger the re-authorization, I think @dmetiller answered it best in the post above and quoted below.

17

I noticed several accounts not refreshing 3 days ago (on 9/17). While refreshing, they all asked for re-authorization to share with “Envestnet | Yodlee”, which I think is a clue. I don’t remember seeing the name Envestnet before. It could be the name change is sending a slightly different API string from Yodlee, which triggers the requirement to re-confirm. That’s my guess. It hasn’t happened since for me.

2 Likes
18

Envestnet is a FinTech company. Yodlee is one of its products. It’s possible some change occurred, but Envestnet has produced Yodlee for some time.

3 Likes
20

Based on what you’re all saying it would sound like a financial institutions thing. Good to know they’re encouraging us to be more careful with access to our data.

1 Like
21

few of my accounts: BoA and AMEX are not refreshing without signon
so is this the new normal?