INC222092: Remember Me and Biometric Login Information Disappearing

The OIDC fix has been successfully deployed, addressing the “Remember Me” expiry issue for desktop and manual login within the mobile app. The system will now refresh the “Remember Me” cookie at login, ensuring saved login information is maintained with ongoing use.

A fix for Biometric and QuickView persistence is being delivered via native Mobile App updates. These updates are being coordinated directly through Client Delivery for each client. Please reach out to your Delivery Consultant through the v18 app upgrade ticket to address timeline.

The Native App hot fix does not require client testing. Once the new apps are in production end users will receive the update through the App Store (iOS) and Google Play Store (Android) (automatic for most users, depending on device settings). Once the users app has been updated, then the system will refresh the Biometric and Quickview settings when a user logs in via Biometric, ensuring saved login information is maintained with ongoing use.

DigitalBanking_Support@Central1.com - 1.888.889.7878 (option 2)

We are proceeding with an urgent OIDC release tonight to address the “Remember Me” expiry issue affecting desktop and manual login on mobile.

CHG170934 – Urgent Digital Banking OIDC Release 1.0.62

Once the release is complete, OIDC will refresh the “Remember Me” cookie expiry at login. This resolves the issue where saved login information was not being extended on return visits. This applies to Desktop login and Manual login within the mobile app.

A corresponding Mobile App fix for biometric login is currently in internal testing. We will provide timelines for app release once testing is complete.

DigitalBanking_Support@Central1.com - 1.888.889.7878 (option 2)

Update: Remember Me and Biometric Login Information

Further to our previous communication, we would like to provide additional details on the issue affecting saved login information.

Current Status
• A fix for OIDC (desktop and manual login flows) is currently in development and is expected to be ready for testing shortly.
• Once validated, this will be deployed via an urgent OIDC release.
• An Android and iOS Mobile App update is also required to address the issue with biometric login.

Mobile App Update
• The fix will require a new version of the mobile app.
• Members will need to download/update the app to receive this fix (it will not apply automatically unless they have auto updates enabled).
• This update will not require members to reconfigure their login details or biometrics beyond the current one-time re-entry if their saved information has already expired.

Scope and Impact
• This impacts all clients with Biometric Login enabled in the Mobile app and ‘Remember Me’ on OIDC.
• For clients not yet on V18 App, the fix will be included as part of their upgrade.
• For clients already on V18 App, a hot fix release will be deployed to the App and Play Stores.

User Experience
• If a user is currently able to log in and has working saved credentials, their “Remember Me” will continue to function until the cookie reaches its expiry.
• If saved login information has already expired, users will need to re-enter their details once.

Online Banking
• There is no impact to online banking functionality outside of the “Remember Me” behaviour already described.

This issue is the result of:
• Modern browser changes limiting cookie lifespan to ~13 months, and
• The application not currently refreshing the cookie expiry on return visits

Next Steps:
1. Deployment of the OIDC fix.
2. Release of updated Mobile Apps across platforms

We will provide further updates, including timelines for app availability in the app stores, as progress continues.

We appreciate your patience while we implement a permanent solution.

DigitalBanking_Support@Central1.com - 1.888.889.7878 (option 2)

We have identified an issue affecting Remember Me and Biometric login information in both Digital Banking OIDC and the Mobile App.

Our investigation has determined that both OIDC and the Mobile App are not updating the expiry date on the “Remember Me” cookie. While this cookie is configured to expire in 10 years, recent changes in modern web browsers now limit the duration that such data can be retained to approximately 13 months (400 days). As a result, any longer durations are automatically reduced by the browser.

Because the expiry is not being refreshed when users return, previously saved login details may expire sooner than intended and may no longer be available. This is why some users are experiencing their saved login information disappearing.
 
Our team is actively working on an update to ensure that login preferences are refreshed appropriately and maintained more reliably going forward.
 
In the meantime, if users’ saved login details are missing, they will need to re‑enter their information. This will restore functionality in the short term, although persistence remains subject to the current limitation until the fix is deployed.

We appreciate your patience and understanding while we implement a permanent solution.

DigitalBanking_Support@Central1.com - 1.888.889.7878 (option 2)