Profile


(Hugo Cornejo) #1

Hi all, I want to share with you the first steps on something that we think will be really powerful at some point, your profile section.

For starters this will be the place to modify your personal details (change of address, etc.) and opt-in if you want to be asked for TouchID/PIN every time you open the app (very useful for people that just don’t lock their phones or unlock them for their kids to play iOS games). We may consider give you a bit of control on the kind of notifications you want to get.

In the future we’ll have the ability to connect with social networks, track sessions of your account open in other devices (classic Gmail pattern: IP, location and log out remotely), manage third party apps (API yo) and integrations with other apps and services (TfL and such).

I know this kind of “feature” is not particularly glamorous but maybe precisely because of that any feedback is even more welcome :slight_smile:

Thanks,
Hugo


The Mondo Beta
Touch ID to access the app
Get Mondo
App security
TouchID to log/in?
Implementation of Touch ID on iPhone
Touch ID Login
Secure app with Touch ID unlock
Use of Touch ID on iPhone to make the app secure
General UI feedback
Monzo against competitive lockin - let us close our accounts
Touch ID
( related to Monzo CEO, Investor in Monzo ) #2

hopefully Leah doesn’t mind giving her address away ? :joy:


(James Billingham) #3

I’d definitely use the Touch ID option.

Being able to see your registered address very easily is valuable I think. We get a lot of customers confused about why their address isn’t working, so it’s good that they could easily see what we’re talking about when we refer to their billing address.

With regards to third party API use, it’d be pretty cool to be able to see a log of exactly what the third parties have been doing - e.g. I tap “TfL” and can see something like:

  • scanned for transactions matching TfL
  • added journey details to 8 transactions
  • checked authorization to charge card

I’d imagine some people who are particularly privacy conscious might even want to receive these as notifications.


(Hugo Cornejo) #4

@iansilversides omg, I should have told @leah Now all our happy users are going to start sending flowers and chocolates to that address without knowing that it’s actually a fake mix of my two previous home addresses :wink:

@billinghamj thanks a lot for sharing that idea, I wonder if that’s the kind of thing that should be API / Developers portal territory, helpful to debug, etc. I’ll keep it on mind :blush:


( related to Monzo CEO, Investor in Monzo ) #5

I will cancel my order :blush:


(Toby Foord) #6

Brilliant! Anything to make it a bit more toddler proof :baby:!

Along with your home address, would you be able to change your email address here also?
I’m guessing you’d need to authenticate again to change any of this info too - if so have you thought about what mechanism you’d use (OTP code perhaps)?
I’m sure you’re a million miles ahead of me but as this profile data is fundamental to the account and I find the actual vs perceived strength of auth fascinating :nerd: your thoughts would be interesting.

Completely agree with the visibility of sessions and third parties too, its really valuable and empowering for a user to know the who, what, wheres and whys of account access.

Can definitely lose the close account link though, I mean, who would?


(Hugo Cornejo) #7

Totally. We haven’t decided the mechanism yes though. Since we’re now password-less I can imagine something like sending you an email to the “old address” for you to click in order to take you to the “give us your new email” screen, and after that another email to the “new address” for you to confirm the change.

All that sprinkled with timeouts so nothing breaks if you make a mistake typing the “new address” and you can keep logging in with the “old address”. If you think about it it’s very similar to any other password recovery flow.

The perceived strength of auth is a critical matter for us, in a world of banks asking you for crazy long passwords and PIN calculators we’ll need to make a big effort to educate our users (not developers but regular people) that Mondo is perfectly safe without all those inconvenient steps. I wonder how many “measures” on legacy banks are just pure placebo.

:heart::heart::heart:


Log in links now coming via SMS too
In App switches and location based security
Implementation of SafetyNet & Screenshot Prevention - Security
(Toby Foord) #8

Exactly!!! Unfortunately educating users isn’t the easiest endeavour either - fingers crossed clear messaging and awesome design to boot will win them over :wink:


(Rika Raybould) #9

Do remember that sometimes, the reason why people need to change their email address is because they’ve lost access to their old one! I’ve seen a crazy number of people register for things with school, work or ISP provided email, lose the address almost immediately when they leave one of those and not realise that it’s still on file with many services. I’ve personally had one of my joke domains expire and didn’t realise that one of my Twitter accounts was tied to a now-inaccessible email address. Thankfully Keychain had the password still.

It’s a difficult case to have to resolve if you’re password-less but quite common in my experience. Sending a selfie to support with some kind of account identifying information feels like a good way to fix it though.


(Hugo Cornejo) #10

Even though that makes total sense I think at least for now we’ll deal with edge cases and exceptions manually through customer support. In fact, we are already doing it since the profile page doesn’t exist in the app :slight_smile:

Once we have a volume big enough to really understand the different scenarios we’ll build multi-factor systems to get to know that you are actually you (ask you to take a selfie, a picture of your passport or driving license, check if you are on the same WiFi that your home is, ask you for some numbers from your card, check your PIN, biometrics, etc.)… so, don’t worry, we’re not going to let people out. However at this point we need to focus on solving 99% of the problem on the easiest possible way.


(Rika Raybould) #11

Good to hear!

Just warning that not having access to the old address may be common so the app should offer some kind of resolution flow, even if that’s just a little “I can’t access that inbox” button that opens support chat. As long as the automated method covers almost everyone’s case, a good, empowered support team can handle the rest. (Related: Mondo has some of the best support I’ve seen from any service I’ve used, keep it up as you grow!)


(Hugo Cornejo) #12

You’re totally right about the “I can’t access that inbox” thing. This is what we did for the regular login precisely because of that. We’ll have it covered.

Fun Mondo history fact: I didn’t consider that scenario WHATSOEVER when designing the password-less flow. Five minutes before submitting the app to the App Store our CTO @jonas made me understand the issue, we added the extra button and @james coded it faster than the speed of light. Something something, move fast, break things :slight_smile:


(Adam Hockley) #13

when is the new profile coming


(Adam Hockley) #14

i reaily hope she dont lol


#15

I would definitely use the TouchID to enter feature!


(Adam Hockley) #16

i would use touch id


(Richard Bairwell) #17

I’d prefer it if it didn’t show my full address - maybe with the numbers scrubbed out, vowels replaced and common words removed - so my address would be “*** Eld*r , Clpstn **, NG *FU” : it’ll be more than enough for me to recognise it, but useless to anyone that gets hold of an unlocked phone and the card (baring in mind, that for CNP (Cardholder Not Present: internet transactions mainly), the numerics of the address are used for authentication).


(Caleb Wong) #18

I do hope to see this soon. :laughing: Anyone sent flowers already?


(Andy) #19

Touch ID +1

That’s the biggest missing feature for me right now. Just makes me uncomfortable not having the app protected in some way. Love the app otherwise.


(Stuart Todd) #20

Brilliant idea :slight_smile: doesn’t need to be glamorous but functional :slight_smile: