What is the point of mobile banking apps security?

I thought the idea of Passcode is lazy way to get access to the bank account without having the user to type user name, password and OTP.

Then the FaceID or Fingerprint can access the app without entering the passcode.

😅 Usually Tandem logs me out completely out after certain inactivity and Biometrics wouldn’t work. I end up typing everything to see my account again.

Updating details like address require human interaction, just can’t be done with the app alone

Much like my hive App will occasionally ask for a code it then sends to my phone to login.
 the only device I have the hive app on is my phone, and it seems the only time it asks is in places with poor mobile coverage, a couple of weeks ago I was on my allotment and was wet and cold so decided to "boost the heating" so that when I got home 45 minutes later the house would be warmer. asked me for the mystical code which because I was mostly in and out of the greenhouse took 20 minutes to arrive.

That’s would be everything for Tandem. 😅 But I do know someone struggling to type everything.

🤔 “What’s number I registered for Tandem?” Some people do have limited memory capacity for remembering something so simple.

design.

Never heard of Tandem, but both the banking apps I use (FD and Nationwide) use fingerprint for unlock, once you're in the phone. If that doesn't work, you've got a separate PIN or password to the device's. If that doesn't work, it's an unlock that requires you to confirm ID with phone banking.

TBH, though, if your phone is in the hands of a bad actor AND unlocked, you've got bigger problems - because they've got your email as well as mobile number.

I'm surprised by your comments on Tandem. I've set mine up to use biometric security*. If that fails, or if I choose, I can opt to use a passcode. But if I've forgotten that.....it would appear that I can get it to send a passcode to my phone. So you are right, and its not very good. 

However, surely your phone itself should be secured. Though that does then question why the extra layer from the app. 

Tandem appears to be pretty weak in this regard*

I have just tried a quick experiment (but not taking all the way so as to not waste my morning) with First Direct and Nat West. Both require you to go online / phone to get past the "I've had total amnesia" stage.

Atom gives the option of face id, voice and pincode. I've not bothered experimenting what happens if all 3 fail.

Zopa seems to allow you to enter an email address to receive a reset. That obviously for most people can very easily be broken once a 3rd party has unlimited access to the phone. 

Chip: has just allowed me to get in without doing anything ! It didn't use to. Looks like at some point the security has got switched off. Biometric now switched on. If I try to bypass it, it requires contact with customer services. 

Santander requires contact with customer services: in fact it has sent me an email saying I need to visit a branch ! (thankfully I'm not so stupid to have taken it to that level). 

So Tandem and Zopa appear to be pretty weak compared to the others I've tried. Tandem I have quite a lot of money in. 

*That said, you can only remit money to a linked account. I'm not going to explore that too much. If I try to link to a bank that I have an app for, it takes me to that banks app on my phone and hence its security AND most importantly only my accounts. I'm not sure whether one could set it up to link to an account which is another 3rd party's account without going through some additional final security. I don't know. 

Chuffing Screwfix have recently changed their password requirements. Minimum 13 characters... but no need for extended character set.

"chuffingscrewfix" will fit the requirements then