Issue: Why am I being prompted to update the security question and/or token multiple times within the Ledgersync software, isn't that the point of Ledgersync to retain client's login credentials?
Explanation: Banks/Credit Card companies have established what's called Multi Factor Authentication (MFA) , which in simple terms means; the bank wants to confirm that the person accessing the bank account is really the account owner. In order to confirm, they require the account owner to login with their user id/password + a token or answer a challenge question that is sent to the owner of the account. If both are answered successfully, most likely the account owner is legitimate.
The bank typically will store what's called a "Cookie" on the browser so that if the account owner logs in again with the same IP Address and Same Browser it will not prompt for the security question/token (or MFA). However this is at the discretion of the bank, sometimes they don't store the cookie on the browser or they sometimes list IP Addresses that will always require a security question or token. This is the bank's decision and it's up to them. For example, Ledgersync uses a very high end, secure hosting service to host the Ledgersync data, some banks have require security token from any request coming from a hosting provider.
This is done for the security of the account owner.
Fix: The only fix is to update the security question on Ledgersync as it is prompted.
It's a good practice to have the client add the bank account and update Ledgersync so that if the bank prompts a security question, the account owner can update the security question or token.