Tandem App Security. What is the point?


I just went to log in to my Tandem app and I incorrectly entered my pin code. I decided to use the forgot code link. I was asked to enter my mobile number and an OTP was texted to me and I was then able to set up a new pin code.
What is the point of this pin code? If it wasn’t there, I could go straight into the app. Because it is there I have to enter it correctly, but if I don’t know it, they will send me an OTP to set up a new one. So from the point of view of security, it does diddly squat.
If someone has access to my phone, they can reset the pin and access the account. The pin code therefore serves absolutely no purpose. It seems to me that the whole security issue is bound by how I’ve set my phone up to permit access to it rather than the bank themselves attempting to prevent anyone from accessing.
Comments
-
If they knew your login details but didn't know the pin code or have your phone with them, they wouldn't be able to access the account.
Also I would expect continuously resetting the code in a short space of time will trigger further review of the account.
-
This highlights the importance of ensuring you have a PIN set up on your SIM Card. If someone steals your phone, they could simply put the SIM in another phone and if unprotected they then have access to your phone number. OTPs can then be easily requested. Putting a PIN on helps prevent this. Many people don’t think of this risk.
-
But my point remains, why even bother with the pin code as it provides no additional security that I can see. I would've at least expected Tandem to ask me a few other questions that are less guessable than my phone number before permitting a reset.
-
1spiral said:
What is the point of this pin code? If it wasn’t there, I could go straight into the app. Because it is there I have to enter it correctly, but if I don’t know it, they will send me an OTP to set up a new one. So from the point of view of security, it does diddly squat.
Again, when discussed before, people minimised this issue by pointing out that all a hacker could do was move money to your existing nominated account. To me that's sort of saying "It's OK for Tandem to be insecure because surely everything else is secure". It also misses the point that rummaging around in your bank account, and in the linked account, might give information to help with ID theft or other fraud.
-
It provides additional security if and only if you use a different device for the app than your phone.
Another way to bypass is to install the app elsewhere as the PIN is set up locally on the device only.
All in all a poor implementation.