General Fintech & Banking Articles Megathread

He was obviously eligible for a loan then. Unless thieves can somehow improve your credit score… in which case take my phone!

Hate these stories. They are almost always some idiotic story where they didn’t do anything basic (call your banks etc) and then a thief somehow manages to bypass all the security on the phone and apps and drains everything.

What was he doing for those days? Just not moving? You pay to fart in London so he must have had some idea of his banking situation.

I don’t buy them; and the more I hear the more I become convinced there’s far more to them.

I’ve had my phone stolen in London. Within 60 mins I had blocked all cards, remotely wiped my phone, reported to police and secured a replacement from insurance.

3 Likes

I don’t know how the HSBC app works, but Face ID won’t work, so you’d need a password/pin? They got in there. Managed to apply for a loan without any login/verification.

Transferred that money to his Monzo account.

Then transferred all of the money from Monzo to their own account.

So the thief had their phone, phone pin, HSBC login details and Monzo pin.

5 Likes

Another story that doesn’t add up.

7 Likes

This looks more like fraud than stupid.

And what actor in London has 14 grand? :blush:

4 Likes

I suspect more people than like to admit have their login details somewhere on their phone like Notes.

A friend of mine does and I have told her not to but she won’t listen. I’ve only just made her password lock it at least.

2 Likes

Keep it on the phone if you want, but encrypt it with something like Joplin.

What’s wrong with a proper password manager?

3 Likes

Get a better one? :sweat_smile:

1 Like

Well it might become one if your money gets taken and isn’t reimbursed due to negligence on your part. But that’s your risk I guess :person_shrugging:

Can just reset it by email though I think? Which means the end security point is really your email account

1 Like

Joplin is basically Notes, but encrypted. Free, and multi platform.

Which 3rd party password manager can be unlocked with the phone passcode?

1 Like

For me the issue is that if someone gets your phone and phone passcode (by snooping or by force) it’s easier for them to take over the account provided by the phone platform (i.e. iCloud in case of iPhone and Google in case of Android) than it is for them to take over a 3rd party service. I’ve tried a few 3rd party password managers and I don’t think any of them fall back to using device passcode for access.

This is why I personally prefer not to use Apple or Google for my primary email or for my password manager.

This isn’t my experience. In the last couple of years I reckon I’ve tried 3-4 different 3rd party password managers and used 5-10 bank apps and I can only recall Monzo behaving this way. I’ve been using Android in this period but I imagine the apps would behave the same on both Android and iOS. Do you happen to remember which other bank apps behave like Monzo in falling back to device passcode for access?

1 Like

1Password and Bitwarden fall back to asking for your pass phrase if Face ID fails. I’ve not tried any other password managers (other than Apple’s own).

They also I think ask for password if you add/change a face.

I mean people can use crazy things like notes if they want to in a personal capacity, I think it’s terrible terrible from a security point but if that’s how they roll it can be hard to change terrible behaviour. My mum used a notepad for ages and didn’t use much uniqueness in passwords but thankfully iOS 18 password manager is making that easier to migrate her to.

In a professional sense though it’s a massive liability and should be a banned practice. I have very tight controls because of what I have to access across various businesses using a high encryption on BW and yubikeys but that’s a requirement (there is more security stuff as well…)
I don’t know anyone who is a professional in IT that doesn’t use a proper password manager but I do know many who think they are in IT or think they know a lot about IT who funnily enough don’t, them folks be a bit of a joke to me to be honest (enthusiastic amateurs was the term, just enough IT knowledge to be dangerous/break things).

If it was found that someone was using notes app/pen + paper with corp details there would be a retraining exercise and if they really didn’t toe the line eventually they would go through disciplinary strikes. There is no excuse not to take basic measures in the corp/professional world and arguably personally, BW is free except for 2FA keys and even then it’s around $10 I think per year.

Yes, HSBC offer a PIN alternative to biometric authentication.

Interesting how in this case, the claim is that they managed to get into his HSBC account and then transfer the funds out of his Monzo account - for which I believe the app also asks you for authentication.

Wise doesn’t behave that way for me. If biometrics isn’t working the only way in for me is to use Wise password. So perhaps that’s an Android vs iOS difference or perhaps they’ve changed since you last used.

For password managers, those are two I haven’t tried. 1Password, Bitwarden, Proton Pass and Enpass are the password managers I tried and they don’t fall back to device passcode.

Yeah, this is why I’m personally not keen on using iCloud keychain/email on iPhone or Google password manager and email on Android.

1 Like

Oh I got a new Apple Watch and I noticed that when adding cards to Apple Pay the approve interface surfaces the “Monzo is not calling you” box at the top. I didn’t notice that with the new iPhone but I may have missed it. I thought that was a natural place to surface it but it also needs to be on the new payee interface (if it isn’t, not added one for a while).

Yes, but they then transferred the funds out of Monzo to somewhere else - presumably a new payee…