Ok but additional touch or face id
What are your thoughts on Passphrase?
Johan 🐱🇳🇱Champ
Hand recognition has always worked fine. But Face ID is much easier. Never had to use the passphrase. So as far as I'm concerned it can go.
Hand phrase could be a problem if there are problems with the camera, and Face ID should maybe be used with a photo of you
Double authentication in one. Never thought about that.
Think the only secure is fingerprint but even that maybe could be jammed
DennisRookie
How about optional 2FA like (Google) Authenticator or another form of a one-time password? Something that can be used as a backup to Face ID or hand recognition.
Nice
CallimusaRookie
Hand recognition doesn't always work, passphrase should and if not, implement 2FA
El patronWizard
Security keys such as YubiKey and the like
TomRookie
I cannot understate how horrible I think the hand recognition is. I’ve been locked out of Bunq because it wouldn’t recognize my hand. Never have I felt so bad about one of the most important services in my life. Getting rid of the passphrase would force me to use the hand recognition again and I desperately don’t want to ever have to deal with that again. Please do not go ahead with this.
RicardoRookie
Is this about the passphrase you need for larger transactions or the 6 digit PIN to open the app?
A possible solution would be holding a linked Bunq card to the NFC reader of the phone, for those things that need additional security. (Mastercards also keep an on-card ledger, which can also be checked against transactions on your Bunq account).
But please don't disable the passphrase method, I use a passphrase I can't even memorize myself, for security reasons. I have it backed up on a piece of paper, for when I need it. And as far as I know, I don't need it very often, only when doing things that require more security, like logging in on another phone... So giving users 12-24 words and let them write it down on a piece of paper would be a good start. Also consider adding an expiration date...
(PS. I generate my passphrases with Diceware, an open source Linux utility, for those who want to know.)
readefriesChamp
I also use the passphrase, as hand recognition almost never worked. It’s not reliable enough to use as a proper security feature. Or is the feature that it tries to limit your spending? In that case it works very well 😉
As long as you use a long enough (length is more important than complexity) passphrase, which you only store in a password manager, the passphrase is very secure.
Removing the passphrase would really lower the love of using the Bunq app through the horrific hand recognition. It would make me very sad 😢
GijsRookie
The passphrase gives me a very unsafe feeling as it violates the 2-factor authentication philosophy.
- Something you have (e.g. a handscan)
- Something you know (your pin code)
With passphrase enabled, both factors of your authentication are a "something you know" component. So a keylogger, or simply someone looking over my shoulder whilst I am entering my password/pin could gain access to my account and therefore my savings.
Keyloggers or someone looking over your shoulder would not be able to do this if the authentication method also contains something only you have.
Highly likely that I will use bunq as my main bank once this issue is resolved. :)
(Note: I suppose bunq also uses additional security measures to detect suspicious behaviour on your account, but I'd rather not rely on that)
SSanderProdigy
@Gijsbrecht-Aquamarine-Swan#161889 I have no passphrase configured, just handscan, and it works fine for me. (Handscan is not working reliably for everyone though). 👍
GijsRookie
@Sander#161904 That's a proper solution, but I have already configured my passphrase and therefore it can no longer be removed - even support can't remove a passphrase last time I asked.
JeroenAce
@Gijsbrecht-Aquamarine-Swan#161912 That's odd, though. Seems to me like a point of improvement for bunq in a future update
MarkusRookie
Really good topic. Overall security does not feel strong in the journey, e.g. I have never been asked for my passphrase even if transferring larger amounts or switching my phone (!). Security keys or any form of 2FA would help to make the model better. Setting up handrec does not work for me.
AA.G.I.Rookie
Hand recognition never worked since the beginning of Bunq (when I was a free member). 2FA, like Tresorit or Protonmail have as an option, would do fine. Passphrase always worked
LucasAce
I’ve tried the hand recognition a few times and in most cases it failed me. There are a few reasons the hand recognition is flawed:
1. It’s highly dependent on lighting.
2. It’s another biometric factor (which cannot be changed, like fingerprints).
3. The current implementation is kind of discriminatory against lefties. Why do I have to scan my dominant hand? I know I can technically also use my right hand, but then the visual guide is useless and it’s even more unlikely that my hand will be recognized.
That’s why I immediately set up the passphrase, because I too was locked out due to failed hand scans.