Enter PIN to Access App & PIN Reminder


(laura gold) #1

Hi all,

i have been using Monzo now since August time and i love it.
As there is always room for improvement i thought i could start a thread to highlight these.

For me i feel that there should be PIN access to the App, as at the moment if for some reason i los my card and phone, all people would have to do is top up the card without any credential confirmation.

The second thing i think should be available is the PIN reminder. In a world of contactless it is very easy to not remember. MBNA offer a PIN reminder after asking a couple of security questions, so maybe something similar?


First impressions and things I would like to see
(Naji Esiri) #2

Hey Laura! Appreciate the feedback thanks!

Not sure what device you’re using but we released an update for iOS a few weeks back, which means you can now view your pin in the app https://monzo.com/blog/2017/01/03/pin-in-app/

You can also receive a pin prompt via the help button in the app, all you’ll need to do is provide a few details, and we’ll send you an SMS with your pin. Only a takes minute or two!

Hope this helps!


(Daniel Chatfield) #3

Hi Laura,

I’m a Security Engineer here at Monzo.

Thanks for your feedback. Security is something we invest a lot of time and energy into and at some point I’d like to create a page on the website to explain how we protect your money.

On your first point:
If you have a Touch ID enabled phone then you can enable Touch ID to access the app. However, we see this as a privacy feature, not a security feature. If someone has access to your unlocked phone then they can top up your account but they cannot send any money without further authentication.

On your second point
Again, if you have a Touch ID enabled phone then you can (after activating Touch ID) view your pin in the app. If you don’t then as @Naji says you can ask customer support and they can help you out.


Login fails when Monzo app is locked
App, Security and Privacy (Fingerprint, Pin, or Password)
Bypassing the Touch ID security to unlock the iOS app
App, Security and Privacy (Fingerprint, Pin, or Password)
(laura gold) #4

I am on android (Samsung Galaxy Note 3).

when i choose help, it takes me to a live chat function - is that correct?


(laura gold) #5

A lot of security seems to rely on the Touch ID function. unfortunately my phone is not advanced enough for this.


(Craig Saunders) #6

I’m using a Samsung S7 edge and fingerprint isn’t enabled on the Android app yet. It would be nice if they secured the app with a pin or fingerprint

Hopefully it’s an option soon :heavy_check_mark:


#7

Just wanted to say I love the Touch ID verification. Makes me feel safer about the app.


#8

Are Monzo bothering to do anything at all for the privacy of users without a fingerprint reader…like a PIN to protect the app from prying eyes?


Security - it doesn't 'feel' secure
(Alex Sherwood) #9

This doesn’t seem urgent to me since, as you know, users can use Noton’s app lock app to protect the app with a PIN -

For the benefit of other users, fingerprint protection for the Android app is on the roadmap here.


#10

but as I have said before…we should NOT have to rely on another app like Norton to protect our privacy, the bank should be concerned about their customers privacy and build something simple like a pin into the app

secondly it is concerning Monzo keep avoiding this issue and that their staff keep talking about TouchID and not addressing the issue for those without fingerprint readers

finally they will imminently be a full current account, and nobody in their right mind should bank on an app without such a privacy measure. it was ok when it was just a secondary account or travel card, but with it becoming your primary account would you want friends or kids accessing your data?

I personally have the Norton product you recommend, but I still feel banks need to concern themselves with our privacy as well as our security.

The Monzo app outshines most others, but there will be those who go elsewhere due to this poor business judgement of neglecting basic user privacy


#11

My whole point was about securing access to the app without use of a fingerprint, i.e. on all phone models not just those with certain hardware.


(Alex Sherwood) #12

Maybe I’m missing something - what issue does that cause at the moment?

Hasn’t that been addressed here?

If you don’t then you can use the Norton app :slight_smile:


(Tommy Long) #13

Are there going to be any phones in the next year or so without high-quality fingerprint sensors?


#14

and if you have just bought a phone and don’t plan to replace every year, you may have it for the next five years…

and if you only get a value for money bottom of the range one and it does not have that hardware…

and if Monzo only cater for fingerprint readers and due to medical conditions a customer can’t use that…

and why is everyone coming up with excuses not to implement this rather than sitting down and saying can we do it or how will we do it?

So instead of Monzo being the bank that listens to the customer and gives them what will be useful, now the Big Bank mentality is creeping in and the customer is expected to be told what is best for them!


(Alex Sherwood) #15

It’s other users telling you to stop panicking about this not Monzo :joy: I’m 100% sure that Monzo will provide a solution for this use case but right now, while there’s a perfectly good workaround, I don’t think it’s urgent.


(DΛVΞ) #16

I think any security conscious app should have its own protection implemented, and not rely on 3rd party apps. Secure cloud storage apps offer (and generally recommend you use) their own in-built protection as an extra layer of security. Don’t see why fintech is any different? Whether it’s via PIN, password, gesture, or fingerprint is a different question. Just having an option would be nice :slight_smile: