I noticed my Monzo app was letting me in today without asking for a fingerprint? Had to go in and switch ‘app lock’ on. I never switched it off. Am I going bonkers? Android user.
That happens all the time if you log out. And some times when the app has updated.
seems a bit of a security flaw! how strange
The only thing anyone acting maliciously could do with your (already unlocked) phone in Monzo is view your balance. They would be compelled to enter a PIN/fingerprint to move money or make a payment or do anything nefarious.
1 Like
Seems like the option is still there. Toggle switch to have biometrics or not.
Personally I’m glad to have it as an option, as if someone steals my phone whilst I’m using it (and therefore unlocked) as is happening a lot nowadays, I don’t think they will be able to get into my Monzo app. It was my only money app without extra security on it.
All they can do is view. They can’t do anything with your money.
It’s privacy, not security.
1 Like
Don’t let my post directly above yours detail your theory.
No worries I won’t. Have a fab day.
1 Like
This just popped up.
Looks like the 2 biometric security options (‘Open App’ and ‘Authorise payment’ using biometrics) have been combined into one option:
EDIT: There’s also a quick Lottie-file animation of an unlocking padlock while the Monzo app unlocks but I’m having trouble screenshotting this.
EDIT EDIT: Found the animation in the app code:
3 Likes
I’ve had the same notification. I wished you could set your own pin to unlock the app, if needed though.
Had this for a while now on Android.
1 Like
I’ve had this too. Switched it on as it said it was compulsory anyway.
I’m guessing this is because people are entering their phone lock codes whilst being observed in public by scammers.
Phone then gets snatched, and they can then authorise payments because Monzo allows phone PIN to authorise this, as well as biometrics. With this change, they would need to know your card PIN as well.
I’m not sure if the new option enforces you to lock the whole app or not. I lock the whole app anyway as I don’t want anyone stealing my phone and then looking at my account balances to decide whether I’m a worthwhile target.
However, for me this is less secure now. I have a 10 character phone password as backup to biometrics. Now Monzo is forcing me to have a 4 digit PIN instead.
But don’t you still require the ten character password to unlock your phone, and THEN the PIN before you can do anything with the app?
They’re stealing phones unlocked you see. So I’d prefer if Mozno asked them for my phone unlock password again rather than a 4 digit PIN.
Use the functionality on your phone that detects when it gets snatched and locks it.
They wont have your PIN regardless so they cant take your money.
I will thanks.
I just think it should be an option to keep your phone password for Monzo rather than a 4 digit pin which can easily be observed too.
Switch on ‘Added security’ - 3 levels of extra obstacles to stop account-draining following opportunistic device theft:
- Known locations - you/thief can only withdraw up to a pre-selected daily allowance amount if you are outside of the 2 trusted locations
- Trusted contacts - someone you trust with a Monzo account gets to approve/decline transactions upon review before the transaction happens
- Secret QR code - carry this away from your phone, as it’s needed to authorise transfers/withdrawals above your pre-selected daily transfer/withdrawal amount
1 Like
Thanks - I already have done that too.
Just a fact that a 10 digit alphanumeric password has more entropy than a 4 digit PIN, so I should be given the option to allow that. Also this is less obvious when being entered, especially if you set your phone not to show password characters when typed.
You could always protect the app (iOS anyway and I think android has had it for a while) which would use that as well as pin (assuming you dont use biometrics)