I’m imaging myself stood on pavement with no watch, no phone, no wallet… probably wondering how i’m gonna get home, or how i might call the police. With nothing on you, how are you locking your phone within 30 seconds?
I’m not speaking just for banks here. Especially not the old fashioned ones, where it’s just happens the theatrics that make it hard for users have the caveat of also making it hard for thieves. Which is the difference. It’s just harder, not necessarily more secure, and certainly isn’t the threat they were designing for. It’s archaic 1990’s pc thinking ported to the phones. More generally referencing fintechs and tech companies in general who typically do the security thing much better than banks do.
My infamous boot where I’m known to keep my physical bank cards as opposed to my pocket when I travel with them. I’m not saying that’s where I keep my backup though.
They don’t make them like this anymore (which is a shame if you ask me), but I also have one of these concealed on me when I travel. It’s about the size of a credit card, but as thick as a wallet. Battery last yonks, and I’m always a phone call away from a person I can trust to sure up my account if I need to. I’ve tested it (in theory without stress or adrenaline) and it takes around 30 seconds for them to access my account once answering the phone.
Some of them use the internet banking password as the fallback if biometrics isn’t working. If you forget this I guess you need to go through full recovery of internet banking.
But some use user-defined app-specific passcode which is unconnected to internet banking credentials. I guess if you forget this you just reinstall the app and go through whatever authentication was needed when first setting up the app.
Its not even compulsory to turn on app-lock in Monzo. So use of an app passcode (instead of falling back to device passcode when biometrics fail) wouldn’t even impact those who don’t use app lock.
Monzo took four years or so to even relent to adding the option of locking the app at all. I wouldn’t hold your breath on them adding an entirely new code, it’s not their style.
I like the way it is, but fair enough if you want more privacy protection here. Personally I’m not so worried, if the absolute worst happened and someone had my phone passcode and my phone, they’d have access to some ahem far more private things than my bank balance already
There is always going to be some balance between security and usability.
For me banks need to move away from relying on phone numbers for verification. Sim swap can happen by mistake, as happened to a friend, when someone at their mobile company mistyped the last digit of phone number being setup.