Sneak Peek: Updated App Lock

Gotcha, I was getting the impression it would be Face, Finger and PIN all have the same limitation.

And the PIN unlock limitation is because you need to access the server to verify that that is correct?

I think providing the options page makes that really clear (it can be a bit convoluted to explain!) then I wouldn’t have an issue with those two approaches.

Maybe the security control page would be better if you actually had three options:

  • Check with PIN every 90 days
  • Check with PIN every app open (disclaimer: no internet bad)
  • Check with FaceID / TouchID when opening the app and connected to the internet

(Rather than the Face/Touch option being a separate menu)

Wait, when you say PIN unlock for the app. Do you mean the phone pin or the card pin? I was assuming the former…

It’s right there in the very first post:

Don’t see being unable to log in without internet access as an issue.
Anything you might be looking to do that would be urgent enough for this to be a problem for you (maybe transfers out, or authenticating some payment) you couldn’t do those properly right now without internet access anyway.


@Jami sounds perfectly reasonable but make sure customers can still get to the Monzo phone number, and maybe a link to a help page, for those times when their phone won’t connect to the internet (eg they’re abroad and they’ve lost their card and they want to know how to get in touch)

Personally like the change, I can keep using biometrics the same as I do now since I’m 99% connected to data anyway.

Does the pin used to unlock the app have to be the same as the card pin? I can imagine people might like a different one in case of shoulder surfing, and would using a different pin allow it to be stored locally (encrypted ofc) allowing offline auth?

If you have a JA which Pin would be requested? If it’s the last card open on the carousel this could get a bit confusing.

I would assume to be able to work for SCA, it needs to be the card PIN.

That’s a good point - I assume it would be the Personal account, which is treated as the ‘main’ account.

I imagine that SCA allows you to verify yourself ‘globally’ per app, but could cause a problem if you need to do it for both accounts independently (because your 2nd factor is only relevant to one account in the case of the PIN)


That would make sense but there’s a couple of places in the app currently where you are setting account level options (gambling block, fingerprint auth) but the pin requested is the account in context.

Just an extra test case if this goes ahead :grin:

It’ll be your personal account’s card PIN, even if you have multiple accounts :+1:

Thanks everyone for your feedback! Will share an update once this moves beyond an idea and starts becoming reality.