Security standardisation for getting into the app

I also agree. The UK has a very irritatingly amateurish approach to many things. Foreigners might think that quaint (only the British would believe that though) king more so than FinTech apps and digital banking. Can we please have something approaching a standard approach to security? I cannot be the only individual with a smartphone and literally dozens of apps which meet the description of legacy banks and digital challengers. Every one of these takes a different stance on security etc. and each uses different/downright confusing descriptions for “password” or account verification or “passcode”, as Dozens has just done (after months of simply accepting my “touch ID”). I have two Dozens cards and multiple codes to enter when appropriate. No, these are not remembered (stored securely) nor forgotten but, come on, for crying-out-loud, this is past ridiculous! Please sort out a second layer of access based on 2FA and capable of working across the OS ecosystems. I have Starling on two phones, one iOS, one Android 9; they/it just work, no nonsense. If Dozens seriously wants a large customer base it needs to get the basics right now, not eventually.

[Sorry for moving this, but it addresses a different issue to the original topic, and I hope I can answer some of these questions for you.]

The Dozens login process.

When you create a Dozens account, you enter your own 5-digit PASSCODE. This is unique to you and is important as a security layer to identify you when linked to your registered mobile number so that you can access the app.

Biometric security, such as fingerprint or face recognition, is not available on all devices and even when it is present, it is not available by default, and you need to grant access to this security layer on your device. Not everyone wants to use this.

As such, we use this passcode to ensure we keep your account safe so that when you log out of the app fully, such as when reinstalling the app, we have a way of controlling who accesses your account.

Once you have authenticated with the app, you can then grant the Dozens app access to your biometric information, and from then on log in using your preferred method (as you have been doing). You may therefore have to confirm this again.

Logging out completely happens when you manually select ‘logout’, but will occasionally also happen automatically when you update the app if we make any changes to our security settings or if you (re)install.

If you have forgotten your passcode you can always reset this in the app.

In addition to the passcode, we use a single-use VERIFICATION CODE which is sent to you via SMS when you log in.

The verification code is used to ensure that you still have control of the registered device and someone is not trying to access your account on a different phone.

Together, these are multi-factor ways of keeping your account safe.

We take security very seriously, and occasionally this may prove to be more strict than other apps, but we believe that these are rules worth following.

Industry standardisation

The idea is good. As people become more familiar with digital security processes, this will probably become easier.

However, technology is moving so fast that it would probably be less safe to stick to an approach that ensured it was the same for all customers on all accounts - it would have to be the most basic option.

Even today there are increasingly sophisticated options that are only available on a small number of devices. Fingerprint and facial recognition are becoming more widespread, but are certainly not universal.

In future there could also be voice, iris, … breath, DNA, implants, etc. As you can imagine, it will be hard to stick to a single standard for all and we will want to offer the best security we can for each customer.

4 Likes

Dozens is the only Finance App I have atm which uses Face ID (I have a Samsung S10+). It's a really good feature and makes for a smooth login process. Surprised and pleased that Dozens is the first available (out of about 10 Finance Apps).

1 Like

One of the main reasons Barclays is my main account is I have never needed anything more than my fingerprint or pincode {once the app is validated} to do anything in the app. And it is without doubt one of the most secure banking apps in the world; it wins awards every year for being such.

New banks make everything so much more difficult, having to remember passwords, having to remember pin codes, having to be able to wait for an SMS.

Now I know it’s how it goes nowadays, but it’s not making it more secure forcing you to identify every time you want to do something.

Those that move from banks that make it simple are going to notice how much more long-winded and complicated it is using a new bank.

Yes, random security is great, for example Barclays: every 5 times you log into the app you need a pin, not biometrics, although they are talking about changing that. But the app is already ready for the secure authentication changes as they have already been doing it.

The whole you have to verify yourself to log into your account and then again if you want to set up a new payment is backwards not forwards. If your app is secure then you don’t need all the additional verification.

Basically I think Dozens needs to make the flow to set up payments and standing orders, when you allow them, to be simple. Not a complicated thing, and pretend it’s for security, when that’s just an excuse really.

I signed up for an RBS account for the switch bonus. The whole process was simple. The signing in is long-winded with random numbers and password, however setting up a payment was a breeze, no need for passwords or codes, it was quick and easy. The same can’t be said when setting up a payment with the new banks.

2 Likes

Revolut was rather easy, as was Starling

Then again - for the latter I did need a password.