Security: Touch ID / Passcode when opening the app the second (or n-th) time

Hi there,

(This is in regards to the iOS app)
I have noticed that after opening the Monzo app for the first time in a session (with which I mean a continuous period of time where the phone is switched on) and closing it (pressing the home button once), it does not ask you to authenticate again when re-opening it.

Also, it seems like all details that were previously visible on the app can be view from the task manager as well, rather then being hidden.

I would suggest changing this.

Cheers.

1 Like

Just tried this myself and agree with @MRMR. Bit of an oversight but it only seems to use touch id/face id for initially opening the app. I even locked the phone and reopened without being asked to reverify (obviously face id used to unlock the phone).

The task card should also certainly hide the details as this could be a privacy issue, people do not tend to close apps on Apple devices, therefore, the app could remain open indefinitely, although the details on the card would be outdated it would potentially leak info if someone were to pick up an unlocked phone or the owner was showing something on their phone.

Peter

Are you and @PeteMcD both using FaceID? Is it possible that you’re just being authenticated immediately because of it?

I ask because I don’t even have the TouchID lock enabled for the Monzo app, and all details are covered up in the app switcher. So I wonder if it’s something around FaceID authenticating immediately.

Hi @jzw95 I do have Face ID enabled (manually enabled it in the settings. When you first open the app it prompts for Face ID before it will open, if you minimise the app and come back to it, it does not re-request face ID. To have it re-prompt I would need to physically close the app.

To make sure it was not just validating extremely quickly I have tilted the phone so the camera can’t see me (same sort of angle that stops the phone unlocking) but the app happily displays if it was already running in the background.

It works as expected for me. There are two touch ID buttons in settings; they should both be on.

No, I only have TouchID and both TouchID toggles are both active.

1 Like

@Anarchist yeah, but try closing it (just pressing home once) and reopen it, and it won’t ask you for TouchID.

@MRMR Yes it does. I checked before I posted. I’m on an iPhone 6 and whatever the up to date iOS version is.

That’s weird - my issue is appearing on an iPhone 7 Plus with iOS 11.2.2.

1 Like

Double checked mine as well. Both toggles on and not working as expected.

iPhone 10 with iOS 11.2.2

image

Hi there,

I know monzo has a lot on it’s plate atm but I think this is something that’s quite needed.

I think the features around touch ID need improving. At the moment when you add Touch ID there is no way to access the app other than Touch ID. There should definitely be a password alternative.

Also as an extra security measure the app should require said passcode or Touch ID again to enter when the app has been closed or between app switching. At this time it requires you to kill the app process in order for the Touch ID to become active again.

Thanks

[EDIT] I see others have mentioned the same or similar on other threads. The more posts the better I guess :smile:

2 Likes

There is, but it’s clunky. If you press ‘cancel’ on the Touch ID screen, and the 'logout ’ you can log back into the app - you’ll need to know your card PIN, though. It could be better, obviously, and hopefully will be soon.

The other issue is a bug which is known, and hopefully they’ll sort it out soon.

1 Like

a new thread was created in another section. I made contact with support who have confirmed that this is a bug and will be fixed in the next version of the app.

1 Like

Hi everyone,

I’ve upgraded my phone from Android (Samsung Galaxy) to Apple iphone 11 where there’s no touch ID available, can I set up face recognition or a pass code to access my Monzo app as currently it lets me straight in which I feel is not great for security if somebody was to access my phone. Please help!

Go to Settings, there is a FaceID option there (and Pass code too).

From the transaction feed, click on your account icon (top left)
Then Settings (top right)
The scroll down to Privacy and pick the options you want to use.

Done it, thanks so much I am still learning the ropes with my new iphone! Love Monzo :slight_smile:

2 Likes