I posted somewhere up there ^^ about problems getting my code, it's sorted now and so this is a belated follow-up.
TLDR: it was my error (probably), jump to Tips below.
In brief:
3 trips to 2 different post offices, with 2 types of ID.
After the PO visit you get a confirmation email but THIS MEANS NOTHING.
Neither OneLogin nor CH will notify of failed checks, LET ALONE WHY. <- THIS IS THE MOST INFURIATING PART.
Emails to CH either unanswered, or failed to answer the actual query.
Phone call to OneLogin support - friendly, empathetic, and quite literally said "You're wasting your time".
CH threatening "enforcement action".
The app works only with the latest tech and with the planets aligned.
ACSP accountant unable to help.
My error:
It finally dawned on me that my details at CH lack my middle names (which I never use) and while that may have been a conscious decision when registering the company all those years ago, the fact is long since forgotten. My passport and DL however do have my full name.
I can't say for sure this was the reason, BECAUSE THEY REFUSE TO SAY!, but it seems likely.
So I updated my details at CH. Created a new OneLogin account, also a new CH account, made a 3rd visit to a (different) post office. Got the same confirmation email. Logged in and hallelujah the code is there.
Observations:
OneLogin may work well for some situations, but it's a misfit for CH's use-case.
My new CH account wasn't yet linked to my company when it succeeded, so I suppose it must search against _all_ directors of _all_ companies.
Seems that if there's no match to a known individual at CH, despite the ID check itself matching a real individual, THE RESULT DISAPPEARS INTO A VIRTUAL VOID.
The inability of the system to report a failed ID check appears to be baked into its design.
Two failed checks with the app and it bans you.
Well, it doesn't actually say "banned", just all further attempts fail without reason.
That's not just the App, you can't even then go the Post Office route.
Fortunately, it's possible to delete your OneLogin account and start again, or create multiple "OneLogin" accounts!!
Even if you're lucky enough to be verified by the system using data it holds already, it still requires that you copy and paste the magic personal code from one page to another.
Your personal code is supposed to be secret but if your company has multiple directors, only one person can do the submission and so will need the codes of the others.
There's no obvious way to revoke a compromised code.
The "App":
What almost 'worked' for me was starting on desk PC browser and transitioning to the mobile app when directed, but only after several attempts and re-installing the app, clearing cache, etc. But it was still to no avail.
The app also has a section for uploading ID documents that is a complete red-herring.
With the app it's trivial to fake the photo ID requirement. Useful if your device camera isn't quite the best.
Passport ID requires the mobile device (and passport) to support NFC.
ACSPs:
There's an official list. Not everyone wants to join, but it seems eventually all accountants will have to as it becomes a requirement for other types of filing.
In-person checks by an ACSP are in theory possible. The procedures allow the human in the loop some leeway to make pragmatic decisions, but - it seems that no accountant will ever offer in-person checks as it stands due to the liability and HO compliance requirements.
This means a new industry selling 'solutions' much like theparasites industry we have around IR35.
I contacted a handful of accountants on the ACSP list, about half replied, and only one offered to help, albeit for a very reasonable fee.
But... their 3rd-party service was a total fail on every device that I tried, either crashing, landing on a blank page, or stuck in endless loop. Well, it did at least allow to upload ID directly from a PC browser, something not possible with OneLogin.
The service involved two entities other than the accountant, BrightChecks and Credas, and I never worked out who was reselling who.
Tips:
Don't leave it until the CS is due. Do it now. You can apparently submit early without paying the fee.
Check carefully that your selected ID details match PRECISELY the details that CH have for you as director.
For the Post Office route: don't rely on the confirmation email. I did the check well ahead of time (months) and thought all was good then hit a brick wall when the time came to submit CS.
For the app: preferably use a high end device with decent camera (capable of close-ups of photo ID) and NFC reader. It may work better on iPhone - I didn't try. The Play Store reviews have tips to make it work on Android (something to do with Chrome). You'll also need appropriate lighting and background for the photo. And remember, two failed attempts and you're locked out.
For the ACSP route: try to reach agreement that fees only due on successful verification. If you're wondering who on the list might be nearest, I managed to do that by spreadsheet- about the only thing useful to come out of this - happy to share.
Special mentions:
CH are ***ing useless.
Seriously, these checks are well overdue imho. But CH have thrown this together with no regard.
When asking for help they just forward it to OneLogin, promise a response in 5 days and then fail to keep to this. On chasing, same again forward to OneLogin and promise 5 days.
The belated response from OneLogin is Computer Says No. CH kindly forward this back, adding (paraphrased): oh, and it's your legal responsibility to meet our new requirement and we'll take action if you fail to comply. <- afaiac *that* is harassment.
Computer Weekly had several articles on OneLogin security (or lack of), also picked up by other sources - linked to in an earlier post though I can't find it now.
Looking forward to the next hike in CH fees to coverthis their mess.
TLDR: it was my error (probably), jump to Tips below.
In brief:
3 trips to 2 different post offices, with 2 types of ID.
After the PO visit you get a confirmation email but THIS MEANS NOTHING.
Neither OneLogin nor CH will notify of failed checks, LET ALONE WHY. <- THIS IS THE MOST INFURIATING PART.
Emails to CH either unanswered, or failed to answer the actual query.
Phone call to OneLogin support - friendly, empathetic, and quite literally said "You're wasting your time".
CH threatening "enforcement action".
The app works only with the latest tech and with the planets aligned.
ACSP accountant unable to help.
My error:
It finally dawned on me that my details at CH lack my middle names (which I never use) and while that may have been a conscious decision when registering the company all those years ago, the fact is long since forgotten. My passport and DL however do have my full name.
I can't say for sure this was the reason, BECAUSE THEY REFUSE TO SAY!, but it seems likely.
So I updated my details at CH. Created a new OneLogin account, also a new CH account, made a 3rd visit to a (different) post office. Got the same confirmation email. Logged in and hallelujah the code is there.
Observations:
OneLogin may work well for some situations, but it's a misfit for CH's use-case.
My new CH account wasn't yet linked to my company when it succeeded, so I suppose it must search against _all_ directors of _all_ companies.
Seems that if there's no match to a known individual at CH, despite the ID check itself matching a real individual, THE RESULT DISAPPEARS INTO A VIRTUAL VOID.
The inability of the system to report a failed ID check appears to be baked into its design.
Two failed checks with the app and it bans you.
Well, it doesn't actually say "banned", just all further attempts fail without reason.
That's not just the App, you can't even then go the Post Office route.
Fortunately, it's possible to delete your OneLogin account and start again, or create multiple "OneLogin" accounts!!
Even if you're lucky enough to be verified by the system using data it holds already, it still requires that you copy and paste the magic personal code from one page to another.
Your personal code is supposed to be secret but if your company has multiple directors, only one person can do the submission and so will need the codes of the others.
There's no obvious way to revoke a compromised code.
The "App":
What almost 'worked' for me was starting on desk PC browser and transitioning to the mobile app when directed, but only after several attempts and re-installing the app, clearing cache, etc. But it was still to no avail.
The app also has a section for uploading ID documents that is a complete red-herring.
With the app it's trivial to fake the photo ID requirement. Useful if your device camera isn't quite the best.
Passport ID requires the mobile device (and passport) to support NFC.
ACSPs:
There's an official list. Not everyone wants to join, but it seems eventually all accountants will have to as it becomes a requirement for other types of filing.
In-person checks by an ACSP are in theory possible. The procedures allow the human in the loop some leeway to make pragmatic decisions, but - it seems that no accountant will ever offer in-person checks as it stands due to the liability and HO compliance requirements.
This means a new industry selling 'solutions' much like the
I contacted a handful of accountants on the ACSP list, about half replied, and only one offered to help, albeit for a very reasonable fee.
But... their 3rd-party service was a total fail on every device that I tried, either crashing, landing on a blank page, or stuck in endless loop. Well, it did at least allow to upload ID directly from a PC browser, something not possible with OneLogin.
The service involved two entities other than the accountant, BrightChecks and Credas, and I never worked out who was reselling who.
Tips:
Don't leave it until the CS is due. Do it now. You can apparently submit early without paying the fee.
Check carefully that your selected ID details match PRECISELY the details that CH have for you as director.
For the Post Office route: don't rely on the confirmation email. I did the check well ahead of time (months) and thought all was good then hit a brick wall when the time came to submit CS.
For the app: preferably use a high end device with decent camera (capable of close-ups of photo ID) and NFC reader. It may work better on iPhone - I didn't try. The Play Store reviews have tips to make it work on Android (something to do with Chrome). You'll also need appropriate lighting and background for the photo. And remember, two failed attempts and you're locked out.
For the ACSP route: try to reach agreement that fees only due on successful verification. If you're wondering who on the list might be nearest, I managed to do that by spreadsheet- about the only thing useful to come out of this - happy to share.
Special mentions:
CH are ***ing useless.
Seriously, these checks are well overdue imho. But CH have thrown this together with no regard.
When asking for help they just forward it to OneLogin, promise a response in 5 days and then fail to keep to this. On chasing, same again forward to OneLogin and promise 5 days.
The belated response from OneLogin is Computer Says No. CH kindly forward this back, adding (paraphrased): oh, and it's your legal responsibility to meet our new requirement and we'll take action if you fail to comply. <- afaiac *that* is harassment.
Computer Weekly had several articles on OneLogin security (or lack of), also picked up by other sources - linked to in an earlier post though I can't find it now.
Looking forward to the next hike in CH fees to cover
Comment