But that is what I mean they need continued access to your account but that does not have to be on your phone.
1 Like
I couldnāt remember if card activation was behind the pin or not so that is good 
Though app access I still see as a different concern.
It is great this is being automated. One step closer to customers being able to self serve 
I think we need to look at risk and proportionate security. Monzo will likely have had to document and agree security provisions with their regulator.
The email point is well made, but applicable to many/most internet services. How many can you regain access to via email? (Not to dismiss it, but we should all take measures to protect ourselves - itās wider than Monzo).
All in, my view is that Monzo is doing the right thing in reducing security friction. I understand that some people have an emotive need for additional security (āit doesnāt feel secureā) - this is valid and might require additional options (like fingerprint auth to get into the app on Android), but I think we should a) trust the Monzo security folk (whoāll know much more about checks we canāt see) and b) secure what we can (including email and access to our devices).
(On that emotive security point, Iād personally feel safer and more in control if there was a web interface to freeze cards / service accounts etc. I think thereās an unemotive need for this too, but thatās another story 
)
6 Likes
Yeah I understand what you are saying. And I guess if the customer is not liable for any āFraudā it is as much about Monzo protecting themselves as much as the customers perceived protections. So would expect this to evolve as Monzo starts seeing any Fraudulent trends and adapt accordingly.
Coming from a company view of being extremely risk averse you become accustom to security being in place for everything. Whereas Monzo have the unique position to start with less and add more in as appropriate.
Though I do think options being held behind a card pin to be very affective and a frictionless solution as a security measure.
Itās exactly the same as someone hacking your emailā¦ clicking forgotten password and accessing your account that wayā¦ a hacker can get into any of your online accounts with access to your email server in no time at allā¦
Bank, Energy supplier, Council Tax, HMRC anything reallyā¦ unless you have 2 Factory Auth so its as secure as anything else on the internetā¦
3 Likes
Haha, not HMRC. Itās a challenge to the actual user to get into their HMRC account! One of the best Twitter threads ever in my opinion (itās a series of four, well worth reading them all):
https://twitter.com/jbwol/status/957252002584711168
Seriously, though, HMRC requires 2FA.
9 Likes
It is a PITA having 2FA on HMRC. Someone I know got divorced. Their ex has to ring them for a code to get into their HMRC account. They want to change the mobile number that receives the code but HMRC say it is nothing to do with them and to contact your Gov.Verify provider. They have contacted all of them and every one suggests they try contacting a different provider, none will admit to being the one they registered with. 
2 Likes
Hey @Frankiejr! Thank you for your feedback. We indeed want the keyboard to be dismissed and weāre sorry this hasnāt been dealt with before. Watch out for a fix coming very soon!
4 Likes
Still havenāt resolved the ājumpā that occurs when you switch from any tab to the Account tab.
Everything jumps up a certain amount of pixels but not the first time.
Once you see it you can never unsee it! 
2 Likes
Hi @matthewjvoce. This is on our radar and weāll have a fix for it very soon!
6 Likes
I never noticed that beforeā¦ now its annoying me 
4 Likes
I loved the four-asterisk PIN button, so Iām very sad to see it go 
2 Likes
Hey all! 1.9.26 is now publicly available 
Letās discuss it here.
1 Like