Today, I opened Monzo on my Android phone. Usually, it goes to fingerprint verification, but this time, it invited me to create an account or to enter my email address. Weird, but OK. Then it sent me a link to log me in. Also OK.
Here is where security has fallen through the floor. Now, when I launch the app, there is no verification process whatsoever, no fingerprint verification and no PIN entry. I tap on the app, it opens, I can make payments and undertake all admin functions.
This makes me feel a bit vulnerable, if I am honest. Last time I used the app was three days ago, I think. And support chat is not open at this time of day and, weirdly, you can’t leave a message out of hours.
Anyone else having issues?
(My other bank accounts are behaving normally and requiring a fingerprint or PIN login, so this is a Monzo-specific issue.)
I don't think you would be able to make any payments / transfers without putting in your PIN or enabling your fingerprint verification to authorise it.
You might think that, but I made an online purchase using my Monzo card. An authorisation was sent to the app. I opened the app with no verification and authorised the payment without being asked for PIN or fingerprint.
Well, that sounds like probably the normal online flow: if you order something online, have your card with the CVC code, have your phone and authenticate the purchase on your phone??? Dunno, that's I think usually the flow I go through when purchasing online.
I think when you reinstall the app again it does let you enter the app without fingerprint verification, otherwise you wouldn’t be able to get into the app initially???
Sounds like your settings have been reset.
To enable fingerprint login again you’ll have to go to your account details (picture icon in top left), click on the settings cog in the top right and select privacy and security.
You’ll be able to enable biometrics in there.
No, that is not how it has been working for me, in the many, many times I have used it. I have got used to the authentication process.
Although…it surely can’t be right that Monzo allows the app to be opened without some verification, e.g. PIN. If I leave the biometrics turned off, the app launches without PIN verification. What used to happen was that if I launched the app, it would either accept my fingerprint or demand PIN entry. PIN entry seems to have been removed. If I can’t provide fingerprint verification now (e.g. wet fingers), the only other option is to log out, after which, the only way forward is to have a link sent to my email account (which doesn’t seem to be time limited), and then it asks me to prove who I am by entering a PIN.
Also, in Recent Apps, account entries can be clearly seen, whereas before it would show a placeholder for the app, not any details. The sense I am getting is of an update badly implemented, which is making the app feel very flaky…which is not a pleasant feeling of one’s banking app. It feels really messed up atm.
You were logged out, for whatever reason. Monzo does not retain the link between your biometric checks on the phone and the login when this happens, so any security must be re-enabled when you re-login to Monzo.
This has been reported many times before and I’m sure there is a legitimate rationale for this behaviour, but you’d have to do a search to find it.
If I am logged out, I can understand biometrics not working. However, if I disable biometric, then I can open the app just by tapping it…no PIN or other verification. That makes it an insecure app, IMV, and it didn’t use to be like that a few days ago.
Just turn the biometric security back on. Problem solved.
You’ve no need to worry then. If you get logged out in the future nobody will be able to access your account either.
True. But the fact remains that biometrics got turned off through no action of mine (and presumably could happen again in the future), and having requested an email link, the app opened right up just by tapping it. That is not secure banking, not in anyone’s book, I would have thought.
It’s an option, you can have the app protected or not. Your choice.
Some people determine their locked phone to be secure enough, some put the app in a secure folder which in itself is protected - the list is endless. You don’t always need to enable Monzo’s app security.
If you’re walking around with your phone unlocked and no password on your emails then you’ve got far greater security issues in my opinion.
This is the way it works.
If you are logged out, the lock settings are reset. When you then log back in you need to re-enable the lock settings if you want them. By default, they will not turn themselves on.
It’s neither a security issue, nor is it major in many people’s opinion. At worst it’s a privacy issue which is why it’s optionally available for those who feel the need.