I think I agree - but you have to allow for different folks’ tolerances. Some will be as secure as you, some will use chrome’s password manager, some will use the same passwords for everything or write them down.
Security has to be easy or a lot of people won’t use it.
Like you, use 2FA on new devices with various codes being sent to my phone - I wonder if there’s some way Monzo could use 2FA when the app is on the phone? Maybe using one of those motion code cards (though that would require card to be kept separately feom phone).
I think it is also important to consider the difference between privacy and security. There is no real need for bank balances to be super secure but it would be good to have some additional (simple!) security on things like high value money transfers.
Absolutely. I wouldn’t enforce strict security on everyone. It has to be optional. I was merely stating the importance of not writing it down. I’ve heard of some bank card holders writing their PIN on the card itself, which is just asking for trouble.
I think it is also important to consider the difference between privacy and security. There is no real need for bank balances to be super secure but it would be good to have some additional (simple!) security on things like high value money transfers.
If those additional security settings can be tweaked via the app then the app or device needs at least some level of security.
When other features arrive that can potentially remove other people’s money (with their consent) such as requesting money, bill splitting, then I would guess a minimum level of security is enforced within the app. I wouldn’t recommend that my partner has his Monzo app unsecured because partly that could affect how much I end up paying towards other things. Or an intruder could send money to themselves or someone else. Granted, I doubt anyone would do the first scenario maliciously but maybe his small child grabbing the phone while he has dozed off and begins playing around in the app.
Just to add to the requests, I would also like some kind of app-level authentication added to the Android app, particularly for topping up via debit card. But happy for this to be optional.
I can understand someone wanting a 4, 5 or 6 digit pin to protect the app so people can’t view your balance or transactions but can’t see any point in specifically protecting deposits to your account! Withdrawals you may wish to stop but why would you want to stop someone topping up your account?
Because they would be topping it up from my current account. It’s not free money for me. And it seems to me someone could easily cause my current account to go overdrawn which could lead to charges. This could be someone who has stolen my phone in an unlocked state (e.g. a mugging) or could simply be a child (or one of my man-child friends) playing with my phone.
But if the authentication point is at app-entry rather than at top-up point, that’s fine with me.
I’m happy with the current situation (on iOS with touchid at least) but doesn’t the fact you’re using the app on your own phone already count as multifactor?
It’s not on Android yet. My husband has an iPhone so has access to TouchID login at the moment.
As a diehard Android user, I’ll have to wait for Monzo to update the Android app. I have an HTC10 as my daily driver which does have a fingerprint lock.
I can’t believe that NatWest, have managed to develop fingerprint unlock for their Android app, before Monzo!
Closest thing you can do on Android is if your phone/os/rom supports applocker. That lets you add additional passwords or fingerprint locks on apps. Once I figure out how to upload screenshots on this post I’ll post what it looks like on mine (OnePlus 3T running Oxygen OS)
They aren’t my developers, but it is coming to Android.
May I ask why you feel the app itself needs security? Personally I don’t have it turned on on my handset. My phone is secured by the PIN/Touch ID to unlock.
Reason for password is that at the moment anyone who has access to my phone
has access to my Monzo.
My phones isn’t always locked. Plus there are a few people that know my
password because I’m happy for them to have access to my phone but not
nessessary access to my banking.
The app is great and I love the whole concept of what Monzo is trying to
achieve.
For me personally I just like the feeling that the app itself is secured even when my phone is unlocked? I realise that in all honesty it doesn’t add much extra security, but the feeling is there, and I guess there’s something to be said for that?
This too, sometimes I’ll give my friends my phone to show them something/let them do something on it, and whilst I trust them not to go looking at all my other apps and stuff, with finance ones especially it’s nice to have the extra barrier so that they can’t get in/don’t accidentally click the wrong app etc…
Overall I think it’s just nice to have the option, people who want to enable it can, people who don’t don’t have to, everyone’s happy!
I’m not sure how to respond to that. Please remember that currently it’s not a full banking app in a sense that you (or anyone on your app) cannot really transfer money out of your account. At least not without your Monzo card PIN so it is still relatively secure. Maybe I’m missing something else, another scenario maybe, happy to discuss and see it from your point of view.
Even logging in is trivial with just the phone as there’s not even a password, just an email link. I mean Monzo don’t need to get draconian with security, but they really haven’t gone far enough.
