App, Security and Privacy (Fingerprint, Pin, or Password)

(Mega Charizard) #288

Ok, I do genuinely apologise. But what I say stands; just replace security for privacy.

3 Likes

(Richard Cook) #289

FYI… :eyes:

1 Like

(Richard Cook) #290

Good news, everybody!

3 Likes

#291

This is just for Privacy IMO, Security is still reliant on PIN and email.

2 Likes

#292

Nope. “Good news, people with Fingerprint enabled devices and without skin conditions!” That’s very far from “everybody”!

It’s very, very sad that Monzo thinks this half-baked workaround is the solution to the request for privacy and security!

1 Like

(Alex Sherwood) #293

As far as I can tell, there are two users in this community who can’t use the fingerprint unlock feature.

I think it’s good that they’ve brought this out now so that most users can benefit from it.

They have of course said that they’re considering a solution that works for everyone too, and that that decision will be informed by how much usage this feature gets.

Click the :arrow_down_small: to view the full post.

2 Likes

#294

How many times will people need to say that none of these client-side restrictions provide any kind of security? If your device is compromised, so will be your fingerprint, PIN, or password, or smartcard/hardware token because you’ll be entering the secret values in that same compromised device.

2 Likes

#295

You don’t :slight_smile: Read up on “Security in Depth”. Just because one aspect doesn’t provide absolute security in itself, doesn’t mean it’s useless…

0 Likes

(Alex Sherwood) #296

I’m not sure it’s worth having this discussion in two places at once, you’ll only end up repeating yourselves..

I’d suggest you discuss this in the other topic that I’ve linked to there :point_up:

3 Likes

(Nick) #297

Gojaba, to answer your question directly, I believe the security situation is actually quite similar regardless of whether we are talking Android or Apple iOS. The security measures are based on a form of 2-Factor Authentication; one is the hardware Android or iOS device and the number associated with the device. This is transacted by using “tokens” which, if my understanding is correct, are proxies for the actual data, number etc. they refer to. If there is a vulnerability in this, it is in relation to the fact that the token is capable of being exfiltrated, stolen and manipulated. iOS devices offer a very good level of security and anonymity provided iCloud is turned off. There is a Russian company (rival to the Israeli company) who can analyze an iPhone and compromise its security: they do this by gaining access to the security token and manipulating it (without recourse to Apple).

0 Likes

(Jack Donovan) #298

Email?

I’m sorry, I can’t agree with this! If somebody is using your Monzo account on your phone, email is only a click away.

On the security note, I would quite like 2FA (hardware device: I have one from Square Enix for a game. It’s a keyring where you press a button and it gives you six digits that you use to log in).

0 Likes

#299

You don’t have to be sorry, but I am not sure what you don’t agree with. I just pointed out that the current Android fingerprint lock by Monzo is going to act just as an extra layer of privacy. It is not a security feature at the moment because Monzo login relies on your email, hence the security of your email is going to prevent unauthorised login. Most people keep their phone secure with a PIN, so that is the real security of your email and Monzo app.

3 Likes

(Jack Donovan) #300

That makes complete sense now, I thought you meant email verification would be a good form of security. Read it completely wrong lol :yum:

0 Likes

#301

So the fingerprint feature is great. But a slight problem arises sometimes. I’m a climbing guide by profession, and often find that after climbing or rope work, the fingerprint sensor doesn’t recognise my fingerprint. The same thing happens if I’ve been at the gym lifting, and I assume it happens for others who use their hands a lot.

A fingerprint override option, so that I could input a PIN or similar, would be great, as currently if this happens, I’m unable to use the app.

4 Likes

(Emma (still not the app)) #302

Ok, this is a controversial topic round here, but if you always leave your phone locked do you need the additional lock on the app? Just toggle it off in app settings (on iOS, I presume same on Android).
Some of us are happy with just the phone lock, some like both locked.

7 Likes

(I Can't Wait Till Tuesday, Scrap The Graph Day!!!!) #303
0 Likes

#304

There shouldn’t be a need for that though. A PIN would be simple enough to implement. Unless there’s a reason I’m missing for not including it.

2 Likes

(Jolin) #305

The weakness with a PIN is the recovery process if someone forgets it. If technically possible, it would be best to use the phone’s PIN, but maybe this isn’t possible?

1 Like

#306

You could reset it just like you can do with the app currently. Log out and log back in. Online accounts are all reliant on passwords, so forgetting it seems like a problem that isn’t really there. At least, no more than any other service.

0 Likes

(Philip Barton) #307

Completely agree with this. Have just switched to Monzo from HSBC but also got a Starling account and Tide for business.

I use an iPhone and in the Monzo app there is a fingerprint login, but it stays unlocked for way too long. It should lock out within 3-5 minutes. Yes, it’s a pain to log in again, but much more secure this way.

Starling and Tide both use a PIN or passcode, and this feature should be added ASAP and is an easy and quick fix.

1 Like