Revolut app security

ckholm · May 19, 2019, 3:23pm

Hi,

Does anybody else find the 4 digit pin code app login a little disturbing ? Shouldn’t those kind of apps have a more secure password ?

thepoorswiss · May 19, 2019, 5:39pm

I feel the same way! I really wish they had a longer password as well!

Bojack · May 20, 2019, 5:18am

Your credit card also only has pin. Is it much different? I’m using Revolut with Face ID to log in, not that it makes it any safer, just saying.

Btw I wonder how credit card companies and Revolut can withstand brute force attacks, when most are protected with only 4 digit pin and a additionally a 3 digit code for online payments.

dbu · May 20, 2019, 7:45am

There’s also a fingerprint reader login, if it calms you down.

Thaek · May 20, 2019, 8:55am

This is only an additional protection for the app. You can have whatever security you want to lock your phone.

nugget · May 21, 2019, 8:59pm

@security of biometric data: zero

http://mediathek.daserste.de/Reportage-Dokumentation/Pässe-für-Kriminelle/Video?bcastId=799280&documentId=54850588
(sorry in german)

i just got across this topic very recently. basically, almost any kind of biometric data is super easy to fake, thus nonsense for security use cases. and once your biometric data is in a hacked database (which lots already are) you cannot use them for the rest of yor life

ma0 · May 22, 2019, 7:19am

obligatory xkcd comic here:

Use whatever you want to protect Revolut, No one is going to take your fingerprints just to steal some hundred francs.
Facial scanning on the other hand is way easier…

Bojack · May 22, 2019, 11:26am

What do you mean? I thought Apple’s Face ID is pretty solid? The way I see it, if you only have a PIN, then somebody can see you enter it and then steal your phone. With a protection like fingerprint or face, they will have to force you to provide it, which is a much higher crime.

How is facial scanning easier to bypass than fingerprint?

ma0 · May 22, 2019, 12:01pm

Hopefully it doesn’t work like I’ve read about a vending machine in Japan a while ago. With that Vending Machine you only have to put a photo of the person in front of the camera.

I’ve read somewhere that hackers did indeed hack Apple’s facial recognition after it came out.

It’s fun to discuss it, though I suspect it’s not 100% relevant to our cases. The 5$ wrench is always the easiest solution as long as there isn’t sloppy facial recognition or dumb PIN involved.

Bojack · May 22, 2019, 12:50pm

I’m sorry, but when you’re quoting arguments like this, you could do some research before. First of all, this article is already old. Last year Apple has released an improved version of Face ID. Secondly, their hack seems pretty advanced. They need to digitally scan your face and then make a mask and then paste the 2d image of eyes and face on it. Seems like a lot of work, would be easier with the wrench.

I find Face ID a good compromise between security and ease of use. Imagine you have to type in your 16-character alphanumeric password each time you unlock your phone…

nugget · May 22, 2019, 7:38pm

It’s a massive misperception. Fingerprint? every interested youtube-consumer can copy it from a throw-away coffee cup within 30 minutes and make your phone believe the copy is your finger. same with iris & face scans. The documentation above discusses & shows the fingerprint & iris fake. It’s not solid, rather convenient. And if you once “lose” this key, noone can give you another one.

Probably with really sophisticated optical system it can be made much harder to fake an iris scan, but those devices are not going to consumer electronics

ChickenFat · May 22, 2019, 8:39pm

Face and finger should be the user name. Not the password. You only have one face and 10, well let’s say 20, well let’s say 21 fingers.

Bojack · May 23, 2019, 6:40am

I didn’t know you can get a face scan from a coffee cup! OK, I guess the fingerprint is not that safe to use (still, safer than PIN, for PIN you just need to see it being entered once).

And by the way, I was talking about Touch ID and Face ID, not your knockoff Android phone for 200 bucks.

https://www.howtogeek.com/350676/how-secure-are-face-id-and-touch-id/

Touch ID has successfully been hacked. However, the same researchers call the technique “anything but trivial” and “still a little bit in the realm of a John le Carré novel”. Basically, what the attackers need is a complete high resolution, non-smudged copy of your finger print, as well as thousands of dollars worth of equipment.

If someone targets you and has a lot of money then sure, they can break many protections, but if you lose your phone and the finder doesn’t know you, or your colleague / flatmate / putzfrau wants a peek into your phone while you’re not around, then this kind of protection is sufficient.