App, Security and Privacy (Fingerprint, Pin, or Password)

If it isn’t needed, why does the iPhone app have the feature?

2 Likes

I didn’t say it’s not needed but it’s a privacy feature, not a security feature -

Not everyone has a fingerprint reader or can use such a reader. The simple addition of a PIN, oft mentioned in this forum, would be a better solution, and as people have suggested with an option to toggle on or off in the settings.

Personally I think it is disgraceful that the bank don’t seem to give a damn about our privacy. It is all very well worrying about security and transfer of money but privacy and unsanctioned viewing of your transaction data etc is something they should seriously address

3 Likes

I really don’t understand why Android users have to defend the feature and Monzo / iPhone staff and users argue against it when iOS has it.

3 Likes

I’m not arguing against the feature either…

There’s a queue of features on the roadmap & this is one of the features that’re waiting to be built.

3 Likes

Do fingerprint auths not generally revert to pin or pattern on Androids that don’t have fingerprint readers or when fingerprint authorisation has failed?

EDIT: I would expect Monzo to have PIN as backup when no fingerprint reading is possible. What way does it currently work on on Monzo’s iPhone app?

1 Like

It’s disingenuous to describe it as “unbelievably insecure” for this reason, when other banks are still fucking up certificate pinning, SSL verification, password storage and other actual security issues.

Sure, some form of access control functionality might be useful. I still think the Android screen lock and PIN re-prompts are acceptable, though.

2 Likes

I’m curious, do people who want the Monzo app to have a PIN lock or similar not have similar complaints about:

Gmail
Facebook
Twitter
Photo gallery
etc?

Every time my phone screen powers down, it needs to be unlocked before it can be used again. That’s good enough for me. I’m genuinely baffled by the “but when I give my phone to other people…” argument as the same also applies to the apps listed above. I wouldn’t want anyone accessing (and therefore potentially hijacking) my email, posting fake updates on my Facebook or Twitter, or freely scrolling through my photos - but I don’t want ever individual thing locked. I simply just don’t hand my phone over to be used unsupervised.

Am I unusual in this? My phone in and of itself is so inherently important to me that I’d no more hand it over freely than I would my wallet. And as I say, I protect the phone itself so it locks when not in use. If every single app also had its own individual lock - Monzo included - then the increased friction would start to frustrate me. Indeed, my other banking apps are something of a chore to use due to their ‘security’ features, and one of them has locked itself (I think because I didn’t use it enough) and needs faffing around with their site from my desktop to reauthorise it, Guess what - I haven’t yet.

tl;dr Monzo’s current functionality suits me just fine.

13 Likes

Yes my Outlook has a pin, my Facebook and Twitter have a password…so why not Monzo

2 Likes

Well said that man, I could not agree more :clap:

3 Likes

I still don’t understand why it is such a bad idea to have an option similar to iPhone. Bottom line is - if you have your phone unlocked - accidentially or not, you can transfer money to yourself without further security - all it takes is you being a contact on the phone.

It is an effin financial app - if it would be just about looking at transactions etc., fine - I don’t care - but you can transfer money at a single click …

Even the amex app has additional security and you can’t even transfer money with it.

1 Like

Any time an app gives me the chance to protect it I turn it on. Rather than apps having to choose to include it, I think it would be great to have it built into the OS. Extra view under security where I can turn on TouchID/PIN security for apps. In the same way I can limit mobile data.
I’d feel much happier letting my sons play games on my phone if I knew they couldn’t open a majority of the apps. I know guided access exists but that’s not always useful when they change games every 30 seconds.

Even my reddit app has TouchID/PIN to open it. I think it’s reasonable to expect a financial product to cover all bases when providing an element of security.

2 Likes

*Privacy :wink:

Meh, the security provides the privacy.

3 Likes

The semantics matter here because a) the app isnt insecure (so security doesn’t need to be improved - or at least it doesn’t based on the discussion we’ve had so far) & b) you can use different approaches to manage privacy vs security.

With all that rambling about whether it is needed or not, security or privacy or not - at the end there was one question - if available on iPhone - why not Android - and now I believe it is on the road map … Do we have an indication about a timeframe here ? Because I don’t care what other people think - I would love to see that option.

1 Like

You log out of every app on your phone every time you use them?

2 Likes

yes I do if they are not designed to lock every time they go into the background or minimized

Would it not just be easier to not give people access to your phone? Most people just lock their front door rather than putting separate locks on every room

6 Likes

That’s not the case. To transfer money to another person, you have to enter your card PIN in the app. The only thing you can do in the Monzo app is transfer money __in__to your Monzo account. So all someone using your phone can do without a PIN, is to add money to your Monzo account.

I’m not arguing against adding the requested feature to the Android app. As others have said, if it’s in the iOS app, then it should be in Android. But I wanted to correct the above, as it’s just not right that someone with your phone can transfer :pound: from you Monzo account to themselves (or otherwise decrease your balance).