Is the PIN going to be stored in-app only or will it be server-side? And if the latter, what’s the recovery process for that?
I am a bit confused about what Monzo are trying to do here - if a phone has face/finger unlocking there’s always a backup PIN, and if there is no biometric protection then there ought to be a PIN, and most apps rely on this phone PIN as a backup. Why can’t this be the case for Monzo?
I like the idea of colours but it’s not so good for someone with colour blindness?
Option two sounds the safe middle
I voted for option 3 because I agree with @alexs:
I think that it has to be something that isn’t thought of as a PIN. Otherwise I fear that people will get confused, and either get locked out of the app or start entering the wrong number on a chip and PIN transaction. I get that increasing the length on option 2 will help to mitigate against that - but I suspect that just using the same name will cause confusion.
So, how about an (alpha-numeric) password (I’m not keen, but maybe the least worst option)?
Or, if you do go for option 2, how about changing the terminology so you talk about a ‘passcode’ or ‘access code’ or ‘privacy lock’ rather than PIN?
Or can the app elegantly fall back to native Apple / Android access locks? That way people that use a PIN / pattern to access their phones can turn it on to also get into the app? And those that use biometrics can choose to use that?
This is already available in the app, I think.
Honestly I think that this is just a bad idea. It’s another chance for the card PIN to be seen/skimmed, and as you note, people are likely to use a variant of the same PIN for a different PIN. So for something else I propose: keep it as is.
I initially voted for option 1 as I thought the app was fairly useless unless you have a connection (you wouldn’t know if what you were looking at was up to date). But then I thought it’s another chance for someone to find out your card pin. And what would happen in the event that you input it wrong so many times? Since it’s actually a live pin it could end up blocking your card, how would the system know your pin hasn’t been compromised and it’s someone trying to guess to later use your card?
So I ended up going for option 3, as to what could be used I don’t yet know. Option 2 is too easy for people to just put their card pin in plus 00 / their birthday or they will just put the same code in to unlock their phone in which case why bother just only lock the phone. To add, this option is boring
EDIT: for option 3 maybe you could do a morse code unlock. Where people tap the screen in a certain sequence.
I like the colour wheel idea too.
This would be a fallback if they stopped working. Like if you have greasy fingers, done too much KFC, or your device doesn’t support either touch or Face ID.
At first I thought alternative method as it’s probably easier to remember for more people. However, in the end I settled on alternative, longer pin because I think anyone who’s going to choose to actively enable an additional security step is likely to choose one that is different and hard to guess (if reminded to at the point of creation) - if they weren’t really concerned enough about security to do so, they wouldn’t enable this step. Perhaps there could be a secure way to check that the alternative pin does not contain the normal pin and say it’s not allowed if it does?
I’m also glad to see it still seems it’s going to be optional - I won’t be using this feature and would really hate to have it imposed on me.
Face ID is rubbish. I have two friends who are sisters born a year apart and not even twins but they can unlock each other’s phone with their face!
What is all this talk about not being able to remember a different pin for an app to that of a card! Years ago we remembered half a dozen 11 digit phone numbers made up of a 5 digit area code and 6 digit number!
That sounds like legacy talk @anon44204028 this is the future ha ha
Give it a few more years and they won’t be able to remember a pin more than 1 digit long
I’d enable this, if it’s a longer unique pin. I definitely wouldn’t use it if it was the bank card pin, I’d rather not see the bank card pin used for anything in the app at all, it should IMO be completely separate. Alternative pin option would be fine too if it’s something like emojis, it’d be a fun little touch.
Go all out, have multiple options and none for the security. I love having no lock as I already lock my phone for Android Pay.
Inform users of low security if no pin on app or device.
Let’s have passwords along with memorable passwords where you have to type in certain characters. Oh and please can we have the card reader calculator things
NOT
A Hot Coral colour card reader
You’ve probably all seen this before but I’ll leave this here:
https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987
At this rate I’ll be asking for your replies by snail mail!!
It’s an interesting article. I recently changed a lot of my passwords to align with the newer advice.