Security Bug


#1

Forgot the password ages ago but at the weekend and needed to redo a security video.

After I submitted the video it said it would text me to get back in. Realising I had changed my mobile number since opening I went to the settings screen to update.

It then told me I needed the password in order to change it (which I didn’t have and was the reason for doing the video). I figured I’d just put the old SIM card in later…

But it actually sent the request through to the brand new number it said it needed a password to change, even though I didn’t have it.

Should point out that i dont think you should need a password to do it anyway - al already mentioned in another thread - you have used touch id to gain access to the app. BUT if it needs a password to change it why change it without.

(Second issue i’ve had with password in the app - it wouldn’t accept it for payments telling me i had it wrong - but then accepted the identical incorrect password it for a current account switch - and subsequently not that same accepted one anywhere else in the app.)


#2

Please can you report this directly to CS as well please.


#3

@Joe_Merriman have done too Joe


#4

Cheers! @lee


#5

Bangs head against the wall

Starling -
"you dont need a password to change your number"
erm yes you do - it asks after you enter it

“The security is the verification is by sms”…“it’s not possible to request a number change unless from a device previously authorised by yourself”
@sarah.guha So then why even bother asking me if its verified by the device?

Talk about contradicting yourself. You dont ask / you do but its not needed so no issue?

I find this really irritating if you dont know how its meant to work no wonder there’s issues.

I also just raised that despite not spending anything today the pulse was showing yesterdays transactions in the outer ring.
Advice was to delete the app and reinstall - which fixed this but what a poor execution. The next time i’m required to do that its going.

Also if you’re having to reinstall because of an error - its also a crappy experience to have to then be forced to enter income/expenditure details on a couple of screens just to get back in.


#6

Hi @lee, we’re sorry for any confusion. You are right we do currently require a password to change personal details, including mobile number and email address.


#7

@Robin Thanks, my point is that it might be worth looking at how it changed it without then?


#8

@lee with the changing of your phone number, we have been attempting to recreate the circumstances and always get asked for the password. Can you send an in-app message to us with the steps you took so that we can investigate further?