by bobcattr 4919 days ago
The biggest threat to this is that it's a 4-digit code to unlock the phone. A stolen phone would allow access to everything. Figuring out that 4-digit code is super easy from fingerprints.

To make it more secure it should be two-factor. The user enters the code, scans, and then the phone gives them a unique code to enter.


Even in the best case, knowing what the four digits are, there are 24 possible options. We rate limit the PIN to 3 wrong attempts per day, so an attacker would need 8 days to be certain to gain access to an account. It is easy to remotely deactivate the phone from a computer, so the user's accounts will be protected.

That said, this is an area we want to make stronger. Facial recognition and other, more secure, methods of user identification are on our roadmap as important improvements.

Giving a facial imprint is very risky for the user. I think it's wrong to add this to the system and force users to give this information.

Good luck though

If I want to prevent you from accessing your account for at least 24 hours, couldn't I just try to log in as you and intentionally enter an incorrect PIN thrice?

Am I misunderstanding something?

Yes, you have to have the phone, but this is still possible.

Ah, OK. Better than a remote attack for sure.
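The two numbers the thread argues about (24 orderings of four known digits, and 8 days at 3 wrong attempts per day) and the lockout side effect raised in the later comment can be checked with a small model of the policy. This is an added example, not code from the product discussed or from any commenter; the `PinLockout` class is a constructed simplification that counts wrong guesses per account and resets on a day boundary instead of using real timestamps.

```python
"""Model of the 4-digit PIN lockout policy described in the thread (constructed example)."""
from collections import Counter
from math import ceil, factorial


def orderings_of_known_digits(digits: str) -> int:
    """Distinct PINs that use exactly these digits (a multiset permutation count).

    Four distinct digits give 4! = 24, the figure quoted in the thread;
    repeated digits give fewer, e.g. "1122" -> 6 and "1111" -> 1.
    """
    total = factorial(len(digits))
    for count in Counter(digits).values():
        total //= factorial(count)
    return total


def days_to_exhaust(candidates: int, wrong_per_day: int) -> int:
    """Days needed to try every candidate when only wrong_per_day guesses
    are accepted per day: 24 candidates at 3 per day -> 8 days."""
    return ceil(candidates / wrong_per_day)


class PinLockout:
    """Per-account daily counter: after max_wrong wrong guesses, every further
    attempt that day is refused, even the owner's correct PIN."""

    def __init__(self, pin: str, max_wrong: int = 3) -> None:
        self.pin = pin
        self.max_wrong = max_wrong
        self.wrong_today = 0

    def attempt(self, guess: str) -> str:
        if self.wrong_today >= self.max_wrong:
            return "locked"
        if guess == self.pin:
            return "ok"
        self.wrong_today += 1
        return "wrong"

    def new_day(self) -> None:
        self.wrong_today = 0  # the policy's daily reset (simplified: no clock)


def lockout_blocks_owner(pin: str = "2580") -> list[str]:
    """Reproduce the denial-of-service point from the thread: three wrong
    guesses by whoever holds the phone lock the owner out until the reset."""
    acct = PinLockout(pin)
    results = [acct.attempt("0000"), acct.attempt("1111"), acct.attempt("2222")]
    results.append(acct.attempt(pin))  # correct PIN, but refused: "locked"
    acct.new_day()
    results.append(acct.attempt(pin))  # accepted again after the reset: "ok"
    return results
```

The same functions show the trade-off the policy makes: shrinking the daily budget lengthens an exhaustive guess but also makes the lockout easier to trigger against the legitimate user.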