Check out our latest blog post for all the info -
Thank the heavens!
Nice one! Very welcome.
Shame there is no dislike button! This is so so so far from providing security and privacy, as it locks out so many people who don’t have a finger print reader, or can’t or don’t want to use one.
Very sad that Monzo has decided not to implement this properly!
App, Security and Privacy (Fingerprint, Pin, or Password)
Just curious, why if you had the option to and were able to use a fingerprint reader (no medical conditions which stop you etc) would you not use it?
For example because one believes that fingerprint doesn’t offer a good balance between usability / security? I know some people in the industry who believe that (I personally don’t). (To be fair, though, people who fall into this category are very very unlikely to use Monzo anyway, given their blatant disregard for security.)
Another example: Because my finger is wet, and the reader doesn’t register.
Or I’m wearing (touch screen enabled) gloves.
These are just three reasons that come to my mind immediately.
Isn’t it optional, though? That is, those people in your example can just not turn the feature on?
Oh yes. But they have no alternative
I believe the team’s covered this here -
Click the to view the full post.
use Monzo anyway, given their blatant disregard for security
How is Monzo not secure? It relies on an access token stored on your device, and to get one remotely you need to provide a link (containing an auth code) emailed to the user.
Granted, that’s single factor, but I feel it’s more than acceptable given that in the end, the user is not responsible for fraud anyway. If this was truly a problem you’d bet Monzo would be fixing this fast as it would be their own money that’s being spent by fraudsters.
I didn’t say they are not secure. I did say they show disregard for security matters. I addressed this elsewhere (only scratching the surface there, though).
Fingerprint protection for the app isn’t a security feature so I’m not sure why you’re raising this here.
But the app is kept secure firstly by your device’s passcode protection & secondly by requiring additional authentication i.e. enter your card’s PIN or CVV, before you can remove money from the app.
As long as you follow the T’s & C’s, Monzo is liable for any theft of your money so it’s in their interest to keep the app secure. Therefore, the fact that they haven’t added PIN protection for the app itself already suggests that it is..just because other apps use this protection doesn’t mean that it’s the only way to keep your money safe.
Community Roundup - 16/3/2018
But are they also liable if someone gets my security questions and answers from the chat history in the unprotected app, and uses those (among other pieces of info, of course) for ID fraud? Or uses an API access that hasn’t been revoked to get info that they can otherwise exploit? I don’t think so.
Why did I get upset about the Equifax breach? Was it because someone stole money from me? No. Because someone was negligent with my personal info. And while I absolutely don’t want to compare Monzo to Equifax, the same principle applies: I want my bank to show the proper regard for my privacy and the security of my personal data.
The API access wouldn’t be protected by a PIN. And the chat history is still protected by your device’s passcode.
Anyway, now we’re back to discussing privacy, which is what this feature is for
There’s an irony that they implementated ID verification for such cases, and people moaned. You can’t win all the people all the time.
Monzo’s blog post is clear that this is as extra privacy. They don’t mention security anywhere.
This feature might be good and satisfactory for some people but I personally think it’s useless and seems like Monzo just trying to appease Android users and also to avoid having those negative reviews on Play Store.
Now to work out whether I’m actually going to bother to use it…
When I read somebody mention about the fact that the fingerprint has already been used to unlock your phone… I’m not sure I see it necessary
Amazing it’s been implemented though. Thanks for listening
Fingerprint Unlock is something that has been requested by a huge amount of our Android users.
That doesn’t mean it’s going to be something that literally every user wants or will use - but you can say that about almost all of our features.
For those that want it - it’s now there!
Just wondering shouldn’t the app lock itself or sign you out when you close it?
No facility showing on my Note 8 to trigger finger print.