App, Security and Privacy (Fingerprint, Pin, or Password)

I personally don’t secure my phone either. I use last pass to store all my passwords (with a very secure master password), I’m on prepay so no risk of anyone running up a huge bill, and all banking apps have multi-factor authentication (except monzo).

I think it’s great that I can view Monzo without typing in multiple passwords but I do think a 4 digit pin code on debit card top ups is sensible.

1 Like

I am using KeyPass for passwords, which is cross platform and I don’t store anything in the browser either. Even if I do accidentally, I am logged into chrome and cleaning history works across platforms also.

So if I notice I lost my phone, I can simply wipe my history from any device.

You can also remotely wipe the device using google device manager.

So yea, only insecure bit on my phone now is Monzo

As someone with a huge interest in mobile security, it’s always fascinating the different ways users choose to secure their devices.

Without any kind of device protection on Android though, anybody can grab your device and use it, set up ADB, extract any data they want, run practically any code they want, lock you out of any ADM actions and begin breaking in to accounts using recovery methods including SMS and phone calls using your number.

4 Likes

Then you should be one who would support additional security on financial applications, rather than saying you need to secure your phone instead.

What you describe makes maybe sense for people who have their whole life on the phone - but as I say - all sensible stuff is in a secure area - Samsung Knox has even been approved by the US Military …

If you are so worried about ADB and ADM actions - then why not worry about someone finding a way to use the Monxo app to redirect money somewhere where it doesn’t belong

2 Likes

I had to take Monzo off my iPad as my daughter could just top my card up without requiring any pins at all :expressionless:

So i now rely on Monzo on android to top up.

Hopefully a pin to open the app / topup is the next feature on ios/andorid.

3 Likes

On Android I found an app which sets protection to any app :

1 Like

Monzo on iPad doesn’t really have much benefit over Monzo on iPhone from what I see. It’s just another scaled up iPhone app.

Call me paranoid but I prefer my financial transactions hidden from prying eyes. Amongst other things, I buy gifts with Monzo so I wouldn’t want the recipient of said gift to know anything about it.

If the phone itself its not secured then the app should be. If Touch ID or another form of biometric authentication isn’t available then I’d always recommend some form of secure manual input authentication like a passcode.

3 Likes

I’m very much in favour of additional security on Monzo’s client applications and at an API level. I’m also not suggesting that device level security replaces app and account security, rather that device level protection is a very important start to the whole security model. Any client side application security is completely untrustable if it’s sitting on a compromised device or OS.

4 Likes

Also nice alternative :

Yeah actually a bank app should have security, I hope monzo is adding at least the option for fingerprint locking instead of having to use an easily uninstalled third party app

3 Likes

The one I posted cannot be uninstalled without finger print authentication

There should always be an alternative to fingerprint readers due to the problems people have with them if they work in certain industries or have certain impairments.

There are many people who suffer from skin diseases. Some of these diseases have a strong influence on the process of fingerprint recognition. People with fingerprint diseases are unable to use fingerprint scanners, which is discriminating for them, since they are not allowed to use their fingerprints for the authentication purposes.

The various diseases include Hand eczema / hand dermatitis, Fingertip eczema / fingertip dermatitis, Pompholyx / dishidrosis, Tinea of the palm / tinea manus, Pyoderma, Pitted keratolysis, Keratolysis exfoliativa, Lichen planus, Acanthosis nigricans, Pyogenic granuloma, Systemic sclerosis, Raynaud’s phenomenon, Medication induced adverse skin reactions, Leprosy, Herpes simplex virus, Scabies, Erythema multiforme, Dermatitis artefacta, etc, so it a bigger problem than may first appear.

2 Likes

Richard, I think you either missed the point of this thread, or you simply haven’t read the original post / beginning of this thread.

The point wasn’t that some of us want to see the fingerprint reader implemented, besides, not every Android phone got one, but the point was that Monzo, as financial application, has no second security at all.

I don’t care if it is via password, pin or whatever else the phone is offering. But I think it NEEDS some sort of second security and not just someone here from monzo suggested, have to rely on phone security.

It is not just about top ups etc., but sometimes my purchase history is none of anyones business. Even if I hand my phone willingly to someone for whatever reason and he just opens the app - none of their business.

But it seems for some reason that i have to keep defending additional security here - I don’t get it.

The above examples of fingerprint apps were merely a suggestion for people who seek security for their monzo app - either app supports password as well so fingerprint is not mandatory.

2 Likes

agree a PIN or whatever is needed but ao many iOS users keep harping on about fingerprint readers it is worth being aware of their drawbacks for some customers

1 Like

your point “It is not just about top ups etc., but sometimes my purchase history is none of anyones business. Even if I hand my phone willingly to someone for whatever reason and he just opens the app - none of their business.” is the one that strikes a cord with me

2 Likes

I think it needs an optional second form of security. Not everyone uses their phones in the same way, and for me, I’d rather the security was a pin etc on my phone, then having to login to the app every time I want to check my balance.

In the future when the app itself offers way to remove your money from your account it’d be comforting if some form of security was required for this sort of transaction.

5 Likes

Please please please do NOT make this extra layer of security compulsory!

By all means add the option to secure the app with a billion digit long password or the fingerprint of your left third finger and your right index finger or whatever else banks come up with next but personally, i do not see the point, other than inconvenience and a false sense of security.

My phone is protected by a PIN code already and by a fingerprint, why would i need to enter what lets be honest is going to be the SAME PIN code to unlock the app or use the SAME FINGERPRINT to unlock the app that i have already used to access the phone. If you don’t have any security on your device then that’s another story entirely but that is your choice and if my phone fell in to the wrong hands without a pass code, i think an unsecured monzo app would be the least of your worries with the amount of other personal information that can be accessed and used to steal your identity within your emails, text messages, phone book etc. or even having access to your emails would allow someone to reset your other accounts passwords!

Okay so rant over now, my point being yes, implement an extra layer of security by all means but don’t force it on us all!
Ash

2 Likes

Should be optional. Different people, different habits

1 Like

@ArcticAsh - rant

@Gojaba - summary

I agree with you both entirely, either way you put it. I don’t think it was ever suggested that additional security be compulsory. Although it’s easy to see where the idea comes from based upon other banks cough HSBC cough forcing absurd security measures upon users.

1 Like

Apologies :slight_smile:

< /Rant>

1 Like