App, Security and Privacy (Fingerprint, Pin, or Password)

When you’ve waited 9 months for a feature, what’s 6-9 more…

That’s for fingerprint, not a pin. @hugo is questioning if PIN fallback should be a thing (despite both Apple and Google OS implementations suggesting it should be, and it being in Android Material guidelines that fingerprint should not be the only authentication method used).

Personally, I’m not too fussed. But as it is, if I hand my unlocked phone to someone to show them a picture or video, 3 taps and they see every transaction I’ve made. The solution shouldn’t be a third-party app or switching user in Android.

2 Likes

Agreed

I’m absolutely on the side that it should be, and was actually quite surprised it isn’t in the iOS app currently.

1 Like

Clearly the Monzo team agrees as fingerprint protection is on the roadmap so the question is “how urgent is this?” & the team clearly don’t think it’s very urgent - presumably because users have those alternatives in the meantime.

1 Like

Search is obviously more urgent :slight_smile:

1 Like

Yes, I don’t understand what the argument is for not providing PIN as a fallback. Is there some sort of security issue? I’m surprised there is a discussion around this. Even if everyone had a fingerprint scanner (they don’t), it often doesn’t work if using your phone in drizzle/wet/sweaty conditions.

1 Like

This was discussed a while ago in the developers’ Slack. I won’t post the whole conversation without the context but it’s worth pointing out that -

[screenshot from the developers’ Slack]

So it’s probably not taking the time to discuss this until the current accounts launch & we know what the security features will be.

Then, since there will be a white paper on this, the experts in this community will have an opportunity to take part in a peer review on Monzo’s approach :wink:

And just in case everyone wants to carry on discussing this now, here’s some food for thought -

[screenshot]

[screenshot]

So if anyone wants a PIN, I’d be keen to hear their solution for the recovery process too…

1 Like

What’s the damage someone could do with access to the Monzo app? They can’t wire money out of the account, they can’t get the card number either, so to take your money they’d need the physical card anyway.

To be honest, given how much personal data we keep on our phones, someone having access to the Monzo app would be the least of my worries.

I think this kind of reaction is the consequence of all the “security theatre” implemented by legacy banks, where you have to go through 10x different authentication systems just to see your balance. People eventually get used to it and immediately discard anything less annoying as insecure without thinking of the actual risks (or lack thereof). I am glad Monzo is cutting that crap and saves me time and frustration.

4 Likes

It’s important to note that this PIN/Password/Fingerprint is an app lock mechanism only; this PIN should ideally be different to your card’s PIN. Since it’s an app-related PIN, I wouldn’t expect it to be there when reinstalling the app, so I don’t think there really needs to be a recovery method. If someone forgets it, then they can just be permanently locked out, requiring them to go through email re-authentication with the magic link again, after which they can then set a PIN as if for the first time on a fresh app.

More than a fallback, I think the reasoning in Android is that fingerprint is never the main method of unlocking the phone; it’s just an extra that simplifies the actual unlocking process. Fingerprint has its own entry in the security settings (at least on my phone, I can provide screenshots if needed) and it is not included in the main lock options, of which you need to choose one before you can even enable fingerprint. You also can’t use fingerprint to unlock the phone on start-up for some reason. This is the kind of fingerprint authentication philosophy I would expect: PIN first, and a fingerprint if phone-enabled to bypass this in a faster, handier way.

I personally don’t care for this extra security; my phone is PIN/fingerprint protected and I’m its only user. But I do feel that if Monzo are going to allow users to lock their apps, they should allow a PIN fallback because, while it doesn’t happen regularly, every now and again my fingers don’t work and I have to unlock the phone with the PIN. It would frustrate the life out of me to occasionally find myself locked out of the Monzo app because my fingerprint wasn’t being recognised.

2 Likes

In that case, the PIN wouldn’t be effective protection at all because the phone’s user will also have access to their emails (unless they’ve protected them via a PIN, in which case what’s the recovery process for that one?), so they can just delete the app, remove the PIN protection and then log in via the magic link.

2 Likes

Isn’t that what already happens with fingerprint on iOS? If not, does Monzo save fingerprint IDs on the server to authenticate every time? What’s the recovery method for lost fingers? (joke obviously) And how do Monzo make their apps work offline?

That a thief could bypass the local unlocking facility by authorising himself through the victim’s emails is a failure of the magic link auth process more than of the local lock, which is not there to protect against that. But magic links have been discussed at length elsewhere here, so I’ll not get into that here :smirk:

No because this :arrow_down: is an edge case :wink:

Magic links & emails are protected by the device’s passcode / fingerprint protection. We’re talking about protecting the Monzo app with a PIN from someone who’s been allowed past that protection i.e. a friend / family member here.

On iOS there is no way for an app to access the raw fingerprint data. All an app can do is tell the OS “here’s a secret value, give it back to me upon presentation of a valid fingerprint”.

1 Like
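The mechanism described in the post above, as an added example that is not part of the original thread or of Monzo’s own app code: an iOS app stores an app-lock token in the Keychain behind a `SecAccessControl`, and the OS only hands it back after a successful Touch ID / Face ID check. The app never receives biometric data. The service and account names are placeholders (assumptions), and the `allowPasscodeFallback` switch is added to show the difference between “biometrics only” (`.biometryCurrentSet`) and letting the device passcode act as a fallback (`.userPresence`), which is the PIN question the thread keeps returning to.

```swift
import Foundation
import Security
import LocalAuthentication

// Added example, not Monzo code. Service/account names are hypothetical placeholders.
let appLockService = "com.example.applock"   // assumption

enum AppLockError: Error {
    case accessControl(Error)
    case keychain(OSStatus)
}

/// Generate a random token for the app lock. Its value is irrelevant; the point is the
/// OS-enforced authentication gate the Keychain puts in front of it.
func makeAppLockToken() -> Data {
    var bytes = [UInt8](repeating: 0, count: 32)
    _ = SecRandomCopyBytes(kSecRandomDefault, bytes.count, &bytes)
    return Data(bytes)
}

/// Store `secret` so the Keychain will only release it after the user authenticates.
/// allowPasscodeFallback == false -> .biometryCurrentSet: biometrics only, and the item is
///                                    invalidated if the enrolled fingerprints/face change.
/// allowPasscodeFallback == true  -> .userPresence: biometrics, or the device passcode if
///                                    biometrics fail or are unavailable (a PIN-style fallback).
func storeAppLockSecret(_ secret: Data, account: String, allowPasscodeFallback: Bool) throws {
    let flags: SecAccessControlCreateFlags = allowPasscodeFallback ? .userPresence : .biometryCurrentSet
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        // Readable only while a passcode is set; never migrates to another device via backup.
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        flags,
        &cfError) else {
        throw AppLockError.accessControl(cfError!.takeRetainedValue())
    }

    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: appLockService,
        kSecAttrAccount as String: account,
    ]
    // Remove any previous copy so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(lookup as CFDictionary)

    var add = lookup
    add[kSecValueData as String] = secret
    add[kSecAttrAccessControl as String] = access
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw AppLockError.keychain(status) }
}

/// Read the secret back. The OS shows the biometric (or passcode) prompt itself and either
/// decrypts the item or returns an error; the app only ever sees the token, never a fingerprint.
func readAppLockSecret(account: String, reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason   // text shown in the system prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: appLockService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let data = result as? Data else {
        // errSecUserCanceled / errSecAuthFailed: wrong finger, too many tries, or dismissed prompt.
        // Other statuses include the item no longer being readable, e.g. after the enrolled
        // biometrics changed under .biometryCurrentSet. All of these mean "still locked".
        throw AppLockError.keychain(status)
    }
    return data
}

/// Setup and unlock flow for an app-level lock.
func setUpAppLock(allowPasscodeFallback: Bool) throws {
    try storeAppLockSecret(makeAppLockToken(), account: "app-lock", allowPasscodeFallback: allowPasscodeFallback)
}

func unlockApp() -> Bool {
    do {
        _ = try readAppLockSecret(account: "app-lock", reason: "Unlock the app")
        return true
    } catch {
        return false
    }
}
```

The flag choice is the whole PIN-fallback debate in one line: `.biometryCurrentSet` is what “fingerprint only” means, and gives no way in when the sensor refuses a wet finger, whereas `.userPresence` lets the OS fall back to the device passcode. Neither option exposes fingerprint data to the app, which is exactly the point made in the post above.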

I understand that. Answer me this: what happens to the iOS Monzo app when you delete and reinstall it? Does it still ask for fingerprint?

I’ve just checked & no it doesn’t. But presumably it should :slight_smile:

I don’t think it can - apps can’t retain their state if deleted (unless they put all of it in iCloud Drive), and I think the iOS security subsystem also clears an app’s secrets like the one used for fingerprint locking.

That’s the point I was initially making. App lock is just that, a localised app lock. Your security lies in the email auth and the main phone lock. Either that or you go legacy bank with three random chars from your secret word every time you open the app (no please) :nauseated_face:

By the way,

[quote=“bhonobo, post:116, topic:6218”]
I personally don’t care for this extra security, my phone is pin/fingerprint protected and I’m its only user.
[/quote]

Just throwing things into the mix. :stuck_out_tongue:

4 Likes

Hang on…so you don’t think there should be a PIN now?

One is security of funds, the other is security of personal data…two separate issues.

2 Likes

I’m aware that they’re separate (though related) issues but I’m not sure what the link is between that & the points that I’ve been discussing with Patrick, could you please clarify?

I don’t think his issue is with whether the app secures your data with a PIN or fingerprint, as he seems not to want too much hassle getting in. It seemed to me more like a query as to the technicalities of how fingerprint identification in the device and its OS interact with the Monzo app, and whether deleting and reinstalling the app changes the app’s state, thereby removing any fingerprint protection, and stuff like that. One for the Monzo techies I think, if they can follow the thread; or should his various points be summarised in one place (as it’s hard to follow being split up with other posts)?

1 Like