Authentication.

I ordered a TV online from John Lewis for a similar amount. I was abroad at the time (Switzerland). Barclaycard tried to send a code to my mobile phone which never arrived. In the end I was able to pay using Paypal. The sent a code to my phone which did arrive. Paypal then passed on the charge to Barclaycard!

The banking app passcode is one option at login - but if you have fingerprint enabled, then it normally pops up over the prompt for the passcode when you start the app, so you may not see it usually.

However it will request it for some authentication tasks, where there is the possibility that the owner of the fingerprint is "under duress" (or no longer attached to it!)

(so it would have been something you set when setting up the app the first time)

For me it asks for a 5 digit PIN (not my card PIN) either when I use the phone's PINsentry (won't accept fingrprint) or every once in a while it wangts PIN instead of fingerprint.

But I think several times Dave has mentioned his barclays account, it seems to behave slightly differently from other peoples, if you can sign in with fingerprint, under [...] Settings, Login&Security, do you get the option to Change Log-in Passcode?

Andy Burns brought next idea :

All of my accounts accessible via my Iphone, are able to use a finger print - the very same one as used to open the phone up. It also works for contactless payments.

I have the phone set to accept either a left or right thub print.

These new super safe security methods are a life saver and a killer all rolled into one.

Yes I hate all of that. One big issue the blind are having is banks wanting you to use plug in keypads on computers, but they do not supply them with buttons any more just a flat touch screen, which is about as useful as a chocolate teapot to us. I do sometimes think on the way to trying to make stuff super secure they seldom think it through and then wonder why everyone starts complaining. Look at the hoops I had to go through to get access to my gmail account again in June. Brian

There is an element of bluff in these security questions. I was once asked where was I born. I had never given this information to any app. Our companies banks lost our recored one time (it does happen) It didnt stop them asking for a date of birth which they couldn't check.

One problem is the question might be rather obvious, like the make of your first car (Ford). Others could be ambiguous, especially problematic if you are typing the answer into a field on a form or telling a pedantic agent; if it's the name of your secondary school, did you include the word school? Or you might have gone to more than one: which one did you tell them when setting up the account? Or you might just make a mistake, like forgetting a foreign school trip when asked which foreign country you first visited.

I *never* put the 'right' answers into these kind of things; I just put random replies in, different for each site:

What was the name of your first school: teapot Where were you born: Saturn

etc. Of course you then have to have a way of looking them up afterwards. I use Keepass:

I set up a 12 digit lock pin for the phone and then when I installed the Barclays App it wanted me to set up just a 5 digit pass code.

Later on I changed the phone to accept face recognition which it does during the day but at the first use of the day the phone demands the

12 digit pin, however the Barclays App always requests the 5 digit pass code.

You are Sun Ra and I claim my five pounds.

Funnily enough, I met that well-known bonkers-person, Lee 'Scratch' Perry, once, and he said to me (on account of a ... personal pecadillo)

"Wow man ... are you from Saturn?"

(I don't actually have the ringed planet as the answer to any authentication questions)

J^n

You ought to be able to login to the app with a biometric, but if you are asked to confirm a transaction (or possibly use the pin sentry code generation), it always wants the passcode.

I have remembered my 5 figure password I set up. Just not sure why it wants that in addition to my print. Even more so when the alternative is an SMS message with a code anyone with access to my phone could use?

OK. That and pin sentry are pretty secure. But a code sent as an SMS?

It wants PIN instead of a biometric

If you know you're going to do e.g. a pinsentry transaction, you can click cancel at the fingerprint screen and skip straight to the PIN screen, avoiding the double authentication.

Probably because the app doesn't know what level of security you use to access your phone therefore it doesn't trust the phone and wants confirmation that the person using it knows the password

The barclays app on android doesn't care if you've only recently unlocked the phone by pin or finger print, the app wants the app pin (not the phone pin) entering, or the fingerprint touched *for* the app.

It has no concept of "oh you entered your pin within the last N seconds, I won't bother asking again"

Codes via SMS are less secure in general... The passcode on the app should never be sent via SMS though, or am I missing the point?