Easy login and read-only mode

akzakz Member Posts: 3

Hi, I like idea to have android application. But I would ask two things to improve.

1) Currently login process is painful, I have long password for security reason but it is very difficult enter every time I start mobile application. Please remember password! 4-digits pin can be "replacement" for password entering in this case.

2)  Please leave "read-only" mode for the application. I like idea to see my transactioons but I do not like that somebody able to trasfer my money if he get my android-device. If application is read-only then to have 4-digits pin is enough for security reasons.

So, actually  there is one thing to improve - make easy start and keep safety at the same time. Thanks!

 

Comments

  • RomiRomi Community Manager Member Posts: 2,692 ✭✭✭

    Hi akz,

     

    1) For security reasons we cannot store your password on the device. It's too risky. We might look into alternatives coming up in the future.

    2) Thanks for the suggestion. We do want the app to be useful on the go, both to check balance and transaction and both to perform certain actions. This connects to the reason we don't store your Payoneer account password - so that your account isn't compromised if, say, your phone is stolen.

    Romi

    Community Manager at Payoneer


    Find us on Facebook & Twitter

  • alexzkalexzk Member Posts: 3

    Okey....I don't know my password(s), really, they all are like 64-128 bits randoms (or less if site does not accept it). I have AES encrypted database for that with master password like 20 digits long. I have copy of this DB on droid...but well, your application clears fields if I try to copy/paste, so I have to copy long password and type user name manually. 

     

    That's not the end. Device itself is encrypted with other master password long...I wrote program for meself which detects if I'm at home or not and switches password entry.

     

    So Imagine what happens when I want to check balance somewhere on shopping? :)

     

    1. Unlock device with long pass

    2. Unlock database with even longer pass

    3. Find and copy that huge acc pass

    4. Type my long email and paste pass...

     

    all this total takes at least 5 minutes  ... if I switch let's say to change current radio station and switch back... I have to repeat at least 3-4 again ...

     

    So would you please, for example detect if device is secured enough like encrypted and keep this password saved? Or allow to copy/paste ...or keep it logged in for 1 hour if secured...dunno ;)

     

    But current usage is just a toy  - "try to waste ur time or wait 30 mins until get home".

  • alexzkalexzk Member Posts: 3

    Addition: all new droid (newer than 2.3) have pretty unique device IDs, also you can generate it randomly or application may receive it from your server (so server guarantees unique). Next it is shown to user, next user types it in on website from PC, and now program shows read-only data without any password. If happens and user lost phone, he goes home and removes authorization for that code to hide data. That's all simple :/. Also it may be 4 digits pin in addition as Akz said.

     

    So In worse case (not encrypted device, lost pin code) thief can see only some transaction details. Master email and password to account is safe.

  • NissimNissim Head of Community Administrator Posts: 3,749 ✭✭✭✭✭✭✭

    Just to give a sneak peak: we plan to release a major app update within the very near future that will include:

     

    - Complete UI/UX redesign based on user feedback

    - Ability to remember last successfully used username

    - Additional support for alerts/notifications

    - Enhanced application monitoring system for technical support (bugs, crashes, etc)

    - Much more

     

     

    Stay tuned for the update - would love to hear your feedback after it's live.

Sign In or Register to comment.