PIN Protection on the app


(iainror) #1

Is there any plan to add a feature into the app that adds a layer of security when you open the app. Seems odd to me that someone can pick up my phone and access my financial info so easily. I expect this isn’t the same for everyone, but with something so personal and serious an option for this would be great.

Would also suggest it asks for this pin number every time the app is opened even if running in the background (like the barclays app).


Touch ID to access the app
TouchID to log/in?
(Daniel Inniss) #2

this makes me sad :frowning:

I like not having to enter a pin just to view my transaction history. There is no way that anyone could use my account from the app.

If someone can pick up your phone and access all of your apps then maybe you should turn password protection on your phone :smile:


(iainror) #3

Not meant to make you sad. As I said in the original post this is probably not for everyone, but a choice would be nice.

I have password protection on my phone. However, for something that is a window into my financial world I would prefer the short step.


(Daniel Inniss) #4

I do understand totally.

If i could actually use the app to make purchases or transfers and such then i’d be expecting an extra layer of security.
For me I’m not so bothered that someone that manages to get my phone and unlocks it can then just see a list of my transactions


(iainror) #5

Yeah I agree with your point there… I assume this is where the app will be heading in the future.


(Rika Raybould) #6

A second stage of security would definitely be required before the ability to transfer money is implemented. Even if the authentication is done at the transfer stage instead of app launch.

I see why people would prefer to keep their transaction details private though, especially since you can effectively build a location history based on the locations and times of a user’s transactions. A lot of the problems with PIN entry (shoulder surfing and speed mainly) are fixed by doing what iOS itself and Revolut does by having the second, faster route of Touch ID on supported devices.

Do remember that if someone can get to the Mondo app on your device from a locked state, they already have access to all of your cards in Apple Pay through either Touch ID, PIN or long password.


(Alexander Baxevanis) #7

Totally agree that this should be a choice. I’d switch on Touch ID, but if I have to enter a PIN/password/whatever else then you start becoming like every other useless banking app out there.


(Saveen) #8

+1. Completely agree with @futureshape


(Rika Raybould) #9

Still needs a fallback considering how volatile Touch ID registrations are, how the app facing API works and that a graceful degradation is required on unsupported devices or when the sensor is unavailable/non-functioning due to temperature, gloves, replacement (though iOS breaks pretty badly if you do that), MDM policy, etc.

Here’s how Revolut does it. It’s PIN by default but if you’re on a supported device, it’ll automatically invoke the system Touch ID Keychain item unlock once (per launch) to jump straight through it. Additionally providing a way to reinvoke it (lower right button) if future iOS behaviour changes or if the user accidentally cancels out as well as a method of recovering from being locked out (bottom left).

Zendesk Inbox is Touch ID only on the app authentication and doesn’t provide a way of reinvoking it. This means that this security is only for Touch ID users and if you cancel out for any reason, the app gets in a broken state and needs to be force quit to recover (and no, just retrying on failure doesn’t work well). Not a good implementation at all.

It’s nice saying “Touch ID or it’s useless” and Touch ID is great but it’s limited by design to be a faster, shortcut method of authentication, not the only method of authentication. Though I do recognise that PIN entry is yet another shortcut for entering in your full Mondo password.


(Saveen) #10

I think @futureshape was referring to:

ie. Not imposing mandatory PIN access like Barclays (without Touch ID option)


(Rika Raybould) #11

Oh, right. Good point there. Apologies to @futureshape.

I feel like there’s a strong case for some form of mandatory authentication that I’m struggling to come up with at this time in the morning, even if the option is between aggressively challenging (every time you open the app like Barclays) or just every time the app is launched after a reboot/full quit/one day/etc. Revolut and Zendesk Inbox seem to follow the second, though I am unsure as to what the exact triggers are.


(Saveen) #12

Yep, mandatory authentication will become important when :mondo: get its full banking licence and launches a current account. Then even allowing users to see transaction detail would be a high security risk because this information can be used to confirm a direct debit mandate created through PayPal.

I presume the team will be incorporating:

  • The KeychainTouchID API (vs. Local Authentication API. Reasons why here.)

  • Some form of two-factor authentication.


(James Nicholson) #13

Hi Saveen, I do iOS things around here :slightly_smiling:

You’re spot on regarding the Touch ID API – must be via SecItemCopyMatching so that we’re actually unlocking something from the enclave (and thus can’t be hooked out on a jailbroken device).

For example for payments we’re looking at Touch ID with ATM PIN fallback. Touch ID would unlock a server-generated token to authorise the payment that would be updated on each use. The server has the option to challenge for either the token or the PIN, and the latter can be used on devices not supporting Touch ID.

As of iOS 9 you also get neat things like kSecAccessControlTouchIDCurrentSet, which means that if an attacker changes the registered fingerprints on your device, they still can’t impersonate you, as the token is encrypted using the previous set of fingerprints :point_up_2:

In terms of multi-factor auth there are lots of cool things for us to evaluate (biometrics, taking selfies, etc.) along with more mundane things like client certs, SMS, etc. Watch this space!


(Toby Foord) #14

+1 for TouchID / pin code on app startup

Caught my three year old trying to add a selfie to the curry I bought last night! :baby::iphone:

Whilst not disastrous, and I know I would have to authenticate any movement of funds, it “feels” weird (insecure almost) having access to transaction history without any form of authentication.

As a plus though, you’ve clearly succeed in a great, obvious, design if even a toddler can master it :wink:


(Alex Sherwood) #15

There’s an interesting story in the FT today looking into how secure biometric authentication really is -

should fake fingerprints, selfie masks and voice hacking worry the wealthiest

obviously the amount of effort that’s required to bypass any of these features means that the average Monzo user probably isn’t at risk from those techniques but it’s something to consider, epsecially as at least one of Monzo’s competitors are adopting these features.


Adobe Voco may hack biometric banking security?