Alright, you are right in that. I did not mean to write people off!
Let me rephrase that: every time one person says they’d like more security they get multiple replies that (a) more security isn’t needed because you need to keep your phone secure, or (b) they don’t want additional security because of the friction it causes, while only very few would support the idea of additional security.
I do believe that is factually accurate (and you can just scroll up this thread to see this), and I believe neither addresses the issue at hand.
HMRC has a similar thing. If you forget your ID you have to fill out an annoying form and get posted a letter which contains it. If you’ve forgotten your password I think you go through a similar process.
My dad has degrees in Physics (Cambridge) and Electronic Engineering so he’s not stupid and can fairly competently use a computer (he’s built a few from components) and yet this system persistently fails for him. The letters never seem to arrive and the website is unintuitive and unhelpful so as a user, he doesn’t get a good experience at all. Just using him as a test case, we can see that the system here is broken - so, due to all the security the users cannot use the actual service… which defeats the point here!
Passwords are deeply flawed and I think there needs to be a more ground up solution than making it very very difficult for people to access their account. There is a need for security, but there is also a need for usability and arguably usability should come slightly first as you can build the most secure system in the world, but if users cannot use it then it is pointless.
I would hate to have a bunch of extra ‘security’ foisted on me that I don’t want. I’m fine with people being able to add passwords and such but personally I already have to unlock my phone with a fingerprint or passcode.
I don’t want to do that again in Monzo, especially since I just use a password manager for passwords anyhow.
That’s my opinion. Low friction all the way - nothing will ever be 100% secure so I’d rather Monzo go for ‘good enough and nice to use’.
Personally, I’ve never been a fan of the passwordless login system, you enter your email -> they send you an email -> click login. I’ve never been a fan, however, it works, it’s secure, and makes ease of use for the end user.
You don’t have to remember a ton of details, or worry about putting them into a phishing website.
The only difference is, security then becomes down to the end-user, how secure is your email, can someone get a hold of this, and do you have steps to get it back if anything happens.
Therefore I recently changed my email to another provider to offer me 2-step authentication.
When it comes to the mobile, once you’ve authenticated a device, it then becomes the security of how secure your login is on that, how many people do you let on your phone… I personally don’t trust anyone and change my passwords for email and phone every 3-6 months.
No, it is not uncalled for. Anyone who dares to express an opinion on securing the app with password or pin or making steps in the app have additional security layers gets promptly attacked by a number of ardent zealots (often regulars) who are active in the community.
We have no objection to their views, and while a solution is to have any settings optional, they try and stamp on such ideas so we don’t even have that.
I’m not sure this conversation is going to be particularly helpful or solve the actual issue at hand. I suggest if you want to talk about people getting “attacked”, the above thread might be a better forum.
To summarise: the app is not massively secure, some people see this as a benefit others as a drawback. Discuss without responding to emotion in people’s posts.
I know you feel very strongly indeed about this issue - we’re all well aware how many times you’ve raised it. However, diatribes like this just come across as trolling. You are adding nothing to the conversation. Can you not make a point without upsetting other people?
I also wouldn’t object to an optional setting for people that want it as long as it doesn’t make me less secure. My concern with a password/separate PIN is the weakness is usually in the recovery process. There have been numerous instances of social engineering of companies that have resulted in people losing control of their account because someone else was able to reset/recover the password. So if passwords become a feature, that is potentially another attack vector against my account, as well as those who want this feature.
I am not trolling. An anti-pin or anti-password person trolls and when I reply to them I get attacked. You guys are happy to let posts when they reflect your view and criticise us if our views are different. If you let people post the one view you should not try and stop others with a different view replying to them.
Here I disagreed with a comment by Feathers to Nanos. I should be free to support another user if I wish. If you want to police, direct and control these threads why not have every posted comment submitted for approval before it is shown. You can then ensure all threads reflect the corporate line of the Leaders or Monzo.
The point is, it gets really tiring seeing you repeat the same point over & over again. As I’ve already mentioned, it’s not going to get you the functionality that you’ve asked for & it wastes everyone’s time explaining what the situation is.
We know that the app’s security is being redesigned for v. 2 of the app, it’s pointless to debate whether the security is sufficient until then.
You’re not doing your credibility any favours by changing your profile picture like that either.
If you actually don’t read the thread in the order it appears but see what post the other leader was replying to it was to a comment I made to feathers in response to his reply to nanos. I felt Nanos had made a valid comment and I was right to support them in that. Not reading the replies as they link together may take it out of context, but if the conversation thread is read rather than a succession of posts it makes more sense.