Login & Security


#1

In Login & Security settings there are two options under App Login
1 - Touch ID
2 - Application Passcode

If i turn these both off it still asks me to use touch ID to sign in.

I raised as a bug with customer service but they advised it was deliberate.

Firstly I think that this should be an option (like it is with monzo). My phone is protected by touch ID so to see a balance i dont want to login in again (for new payments maybe then touch ID me).

Although if it isn’t possible why waste my time giving it to me as an option?
Plus if it’s meant to ask every time I login, then it’s broken because it doesn’t always!


The Starling Bank roadmap: What's next for 2018?
#2

Hi Lee-am, Let me elaborate on the ‘deliberate’ or by design feedback from our customer service team.

When you use a passcode or your Touch ID to access your phone, you have already verified who you are against the data stored in the secure hardware on your phone, so we don’t need to ask you for a passcode every time you want to check your balance or view transactions. That’s why, when you create your Starling account, if you have Phone Unlock settings on you don’t have to set an app passcode or use Touch ID for the app as well.

Of course, we recognise that for a lot of our customers, feeling secure runs deeper than cyber security - privacy and control are also important factors. So, we provide the option to enable an extra layer of security using touch ID or an app passcode at the app level for customers who weigh privacy above convenience. You can either choose to do this when you create your account or in the Account Management section of the app by choosing Login & Security. By turning on these settings, you’ll be asked for Touch ID or your passcode every time you launch the app.

So, why when you have unlocked your phone and when you have Touch ID turned off in the app, are you being asked to re-authenticate? When you background the Starling app and re-foreground it, if your session has timed out, we’ll ask you to re-authenticate with your device security. This is to re-check it’s you - just in case you’ve left your phone unlocked and unattended anywhere. That is why you’re being asked for Touch ID when you might not be expecting it.

Your feedback is shared by other Starling customers though, and whilst we wanted to achieve a model that allowed our customers maximum convenience while still secure because we have the added device security check, we acknowledge it might feel inconsistent. So, we are currently working on simplifying the model - and will update you when changes are released.

In the meantime, I’d love to get a gauge from you and other community members of whether you lean towards always wanting touch ID to access the app, or if (like me) you’d foster convenience over privacy?


#3

Having Touch ID to access the app every time is preferable in my opinion. Touch ID works so quickly it’s not an inconvenience at all and I believe the added security is warranted.


#5

Another superb response to a question @sarah.gilbert - personally the way it works at the moment around Touch ID is not an issue for me, however I welcome changes.


#6

If you’re going to give this as an option then the app should really just be respecting these settings. If it’s not then just remove the setting. It seems pointless and confusing otherwise.


#7

Excellent response. Thanks Sarah


#8

Yep i think giving the option to turn ‘off’ and then it not doing so is odd. But its not clear why sometimes it asks and other times it doesnt for the same scenario - example when backgrounding the app it doesnt always ask me.

Also rather not be dictated to about security to check a balance from the phone being in ‘sleep mode’ two touch id requests in seconds for one action.

If your the type of person who lets anyone on your phone to do whatever or want the extra security then fine. If you’d rather not have to pointlessly duplicate the same task over and over and are happy to have it off i think that should be an option too.

Fast forward to when you support echo, home or homepod - would it refuse to tell me anything for fear someone else is in the room?

Example just opened the app after being in sleep mode for 10 minutes not asked for touch ID. Put back into sleep mode and 20 seconds later go back in but this time i am asked for touch ID :thinking:


#9

Hi lee-am, I’m going to DM you about your experience specifically.


#10

I understand why you’re doing it (though I would prefer not to have to reauthenticate just to see my balance - ask for Touch ID only if I’m about to make a new payment) but the Touch ID option is still misleading, you should really change it because it really feels like a bug.


#11

I’d favour maximum security as it is a banking app at the end of the day. Touch ID is so fast and convenient I can’t see any reason why it shouldn’t be used for authentication when opening the app or accessing any of the app functionality.

In fact, given the importance of perceived security as well, I’d argue that trust could become an issue if the app felt too easy to access. I know I would be wary if the app was so easy to access.

One thing that is somewhat unusual with Starling is requiring a password in addition to Touch ID for certain actions. I haven’t noticed this with other banking apps and it is slightly inconvenient. It would be great if there could be a way around this, or an option to use another method (perhaps a card reader for certain actions?).


#12

I disagree - my phone already authenticates me when I unlock it, there’s no point in reauthentication just to open the Starling app. Upon certain “write” actions (make new payment, etc) sure, but for read access I really don’t want to reauthenticate. This is my reason for preferring a competitor’s app where I can see all my transactions quickly without waiting for touch ID.


#13

Updates are coming on this, I’ll share our plans next week with you for feedback.


#14

@sarah.guha

It still does this…

example didnt look at it over night clicked the app logo and in right away.

Phone asleep 2 minutes later, unlock with touch id then click back in and it wants touch ID again - really really annoying.

I thought there had been updates to this?


Closed my Starling account
#15

Greetings of the day to all of the community members,
The login screen is not opening in starling.

Earlier the url mentioned below opens but not not opening.

https://oauth-sandbox.starlingbank.com

Thanks in advance.

Thanks and Regards,
Gaganpreet Singh


#16

Strange I can log into the starling app on iOS.


#17

Thanks @Gallifreyangirl for replying.

I am using developers account. There could be bug in dev kit.
If possible, Can you please try developers api for login?

Thanks in advance.


#18

The URL above I cannot login into it comes up with an error message.


#19

Have to tried it using your client id?


#20

Hi Gaganpreet

You should join our developers slack channel https://developer.starlingbank.com/community

Someone will be able to help you through the issue you are having.

Daniel


#21

I’d like to raise the issue, albeit a minor one from my perspective.

On re-opening the app, I am presented with whichever the last screen was that I used, and then, following a second or more delay, presented with the login (fingerprint) screen.

I would want it to re-authenticate, so I’m happy with that. The concern (as I say, minor for me but is an odd one regardless and perhaps more of a concern for others?) is that when you open the app initially you are presented with account details and transactions that can been seen. This may be an issue to some users?

I know that my legacy bank will request the re-authentication each time, but without giving anyone a sneak peak!