In that case, they could more easily steal your identity by stealing your post, I expect.
I’m baffled that people’s phones don’t lock as quickly as mine if not being used
Well, the original point was someone using their phone when it’s snatched out of their hand, so I was basing my reply on that.
What does seeing someone’s financial transactions get you, that rooting through their email or Amazon purchases doesn’t?
As far as I’m aware Monzo leverages the phone’s biometric security. If you have “unreliable biometrics” (to use the same poster’s example) why not prioritise that in a new phone upgrade?
Ultimately, if it’s so important to someone, they’ll just use another bank.
This.
Both my iPhone and Samsung lock immediately with a click to the side button.
My phone has a secure folder.
Any apps that are put in there are password protected and in addition they’re completely hidden from view. There are plenty of other options if concerned people took a moment to Google it.
Maybe stop creating weird hypothetical situations to prove some kind of point. What actually happens in real life?
You’re basically saying that some hypothetical people are paranoid about having their banking app looked through, but they’re fine with leaving their phone lying about unlocked…?
Are these same hypothetical people concerned about someone going in their home and looking through their bank statements, but fine with leaving their keys with an address fob lying about?
It’s not hidden though
Go to the help section and look for ‘lock app’
Or the natural first place to look, the security section
If people want it then it’s not hidden
Maybe in your world this is common, but if that’s the case and you don’t trust your friends/family, then add the additional layer of privacy.
The choice is right there in the app.
But your finances are always secure.
If you stop making up stupid scenarios then people won’t have to correct your backwards troll logic.
Is that an Android thing?
Of course I could just do what you said and google it….
I might get mugged walking the street. Should I put a lock on my wallet so they can’t get my cash out? They could cut the wallet open instead, should I carry my wallet around in a miniature safe to keep that secure? What if they take the safe off me and run to the nearest repair shop to find tools to hack it open? Should I handcuff it to my wrist to stop them doing that? What if they try and cut my arm off? Should I wear a suit of armour at all times?
At each step there is a risk and I’m taking a step to make things more secure - but I’m doing far more than is reasonable.
But presumably the people who feel Monzo is insecure still use email?
I agree. But I wasn’t using that as justification for why Monzo should do something, I was asking the OP’s thoughts on Amazon’s privacy, as a comparison.
While I’m sorry to hear about what happened to your family, Monzo putting a lock on their app by default wouldn’t stop social engineering of that extent happening in the slightest.
Comparisons to email are not bizarre - they are made because the common cry is ‘identity theft!’, for which email is far more of a treasure trove than any one app. It doesn’t even have to be complicated or take hours of reading - just send an email to everyone in the address book saying you’re on holiday and your wallet has been stolen and could I please borrow some money to buy a new flight home/pay for my hospital care/whatevs.
FaceID will fall back to the pin in the circumstances that it needs to.
To be clear, I have no problem with people stating that they feel Monzo is insecure, but I do like to establish some kind of baseline and find out if these same people also believe that typing in three characters from a password, or having the bank text them a code, is more secure.
Which is basically what the couple of posters on here have encountered today – rational, factual rebuttals to their feeling that Monzo is insecure.
OK as the OP. I will not try to reply to all the individual posts but try to condense it as follows.
Firstly, to the few who have done so, please do not take what I say and then morph it into something I did not say. I have never mentioned family, I have never said my phone is left lying around unlocked. It isn’t.
Monzo are a bank, it is good practice for banks to provide security which works for all their customers. I deliberately include privacy in “security” - we’ll not get deep into the debate about which is which, because they are intertwined - happy to do that another time.
Monzo think biometric security is a good idea to stop people being able to get into the app; they do not provide a fallback to a PIN or alternative if biometrics don’t work. So some people have a lower level of security, like it or not.
It happens that I use biometrics with other apps and they work fine, so it’s not the phone’s fault. Something about the Monzo implementation makes biometrics fail too frequently to be useful. I am not buying another phone to try to fix this.
ALL the other online banks that I have experience of (at least 6) have what I am asking for. Why can’t Monzo?
Regarding the debate about whether 3 characters from a password or a PIN adds any security, I would say two things. Firstly, it does depend on the implementation and the way multiple false attempts are handled. Secondly, if you don’t think they add any security, why are you content that this is all that protects against being able to transfer funds etc.?
As for the attempt to suggest weakness in my email, Amazon… security/privacy absolves Monzo. Rubbish. Firstly you don’t know how secure my email is, or if I even have an Amazon app.
I am asking for something very simple, a PIN alternative to biometrics for when biometrics don’t work (for whatever reason). That’s it!! Revolut, for example, do it very well.
Over my career I have seen a lot of security breaches and a lot of bad practice. Normally it’s carelessness, or lack of imagination, or poor communication. Monzo is the only example I know of where it is deliberate management policy.
Please, if you want to comment on this, do so in a constructive way and address what I have actually said.
You’re being very dramatic about it all.
If someone gets hold of your phone and can look at your app, that’s likely carelessness on your part. If it’s forcibly stolen from you, then they are unlikely to say “Oh, it’s got a pin. Have it back”
If security is of such concern, maybe consider a more secure and privacy focussed operating system. This is standard on an iPhone.
You can’t declare two things to be intertwined like that and expect everyone to agree. I fundamentally disagree that they are intertwined, as Monzo’s app is secure (money cannot be transferred without knowing my PIN) and my phone lock deals with the security for me. Having a lock on the Monzo app adds no extra security for me at all. Therefore, I can’t accept this as an axiom.
My understanding is that Monzo don’t deal with the biometrics themselves, they pass that through to the phone to deal with. So it’s surprising to hear you have a particular problem with Monzo in this regard. Have you tried reporting it to Monzo’s COps?
I don’t, which is why I was asking. My intention when I ask this question is to try and establish a baseline, and understand if people are concerned about the security of all their apps, or if they’re just picking on Monzo. In the past when it has been the latter situation, it can feel like someone making a big issue about having locks on their house windows while leaving the front door wide open.
I hope that helps you understand that I wasn’t trying to imply anything, and that I was asking a genuine question. Perhaps the part of my reply in spoiler tags threw you; if so, I apologise. I put that there to try and short-cut some of the expected back and forth replies.
When this topic has come up in the past, Monzo staff have explained why they use biometrics and have chosen not to fall back to PIN. I’ll try and find these replies and link them if I can, as that may help your understanding. My recollection is that it’s actually far harder than you’d think, as they have to consider issues like using card PIN versus app PIN, and whether the PIN should be stored centrally or locally (implications if offline).