Security - needs some serious thought


( related to Monzo CEO, Investor in Monzo ) #22

lol I took Dannys reply to be slightly tongue in cheek , isn’t it funny how people read messages and come up with different messages :slight_smile:


#23

yep, I get that now on second reading :slight_smile:


#24

I think I tend to be more likely to spot subtle nuances and a sense of humour when viewing on a large PC screen than my small mobile screen :confused:


(Ben Green) #25

Excellent, that’s peace of mind right there then :slight_smile:


(Brexit Day Is Gonna Be Shamayzing.) #26

Not gonna lie I don’t really care about security on the app for topping up as at the moment it’s in BETA the cards will be going.

When it comes to the security in general again I am not to fussed as I have touch ID on my phone and a long password as well.

I find it annoying hence not being bothered, I have two apps that I use and both have logins one is full username and password the other is a 4 digit pin


(Kieran McCann ) #27

I agree with you in some cases, I would like to see further security measures put in place eventually but ones that actually work with technology. I don’t want to have to remember my 1st, 5th and 9th letter just go look at my account which I have to still do with TSB. Monzo using Touch ID is the perfect solution really, and of course you need to remember that by the start of next year we should be receiving or current account cards so there won’t be any need to top your card up.


(Kieran McCann ) #28

Doesnt that seem a tad too far, I do t want it to take 20 minutes to get into my bank or have to remember several pass codes especially if they are constantly changing. I shouldn’t need to remember this character and that charatcher, I want to be able to open my app and have my information provided to me simply. Touch ID work fine for that and yes it’s not 100% secure but there has to be extra levels of security that can be implemented but simpler.


(Ben Green) #29

I think the appeal of Monzo is in its raw simplicity and speed of everything it does. By forcing antiquated security methods onto absolutely everyone it’d probably deflate some enthusiasm around the app.

The iOS app currently allows the user to toggle Touch ID on/off. Perhaps an alternative method of security could be offered and disabled by default?


#30

Danny is being sarcastic


( related to Monzo CEO, Investor in Monzo ) #31

more teasing… :wink:


(Ben Green) #32

The topic of Android security is still going strong, but I thought I’d reply here as it’s relevant regardless of manufacturer or operating system.

How many iOS/Android devices support fingerprint recognition? I think there’s still quite a few around.

By having that as the only available means of securing the app, the account running on older phones are vulnerable to snooping and fraud. Or are we suggesting that Monzo only be supported on modern devices that have a fingerprint scanner?

My dads iPhone 4 is still running as smoothly as the day he bought it and I’d like to recommend Monzo to him.


(Ben Green) #33

It’s well known that Touch ID fails when either the home button or your thumb/finger is wet. I just experienced access failure due to exactly that issue. Standing outside in the rain, I’m unable to dry it off, so currently the only way for me to gai access is to logout and use the email magic link.

It’s almost funny but definitely annoying.

A redundant password/PIN fallback is becoming more and more apparent that it’s just a necessity. By that I mean it’s necessary for an option to enable it. If the option is there and the user aware of its presence but chooses not to enable it, it’s user error for cases like this. Otherwise by not providing the option it’s just bad user experience when this happens.


Passcode entry in addition to Touch ID on iOS
(Alex Sherwood) #34

Just to play devil’s advocate, would you have chosen between the pin or touch id, as your default? My guess is that you wouldn’t have remembered to switch to pin before your phone got wet. In which case, even if the option was there, by the time you realised that you needed to use the pin it would be too late & you wouldn’t be able to get into the app to change the setting, using touch id.


(Ben Green) #35

The Touch ID popup currently only has a cancel option. I’m no iOS developer but I know it’s possible to customise the available buttons and add one for the fallback option, which to answer your question in my case I would choose an alphanumeric passcode. It’s not often going to be used (hopefully) so some complexity is acceptable in the interest of better security. Keyboard accuracy doesn’t really decrease in the rain either so doesn’t make it much more difficult to gain access in those odd occurrences.


(Zainab Khan) closed #37