Digital Strategy & Marketing Consultant
•
7 reviewsDoes not recommend this product
Is Spendee secure without 2FA that they are not thinking to protect your login with extra security?
Is this a right approach to plan to take extra protection of your user’s financial data on a personal finance app?
They have replied to my review on App Store quoted;
I asked about 2FA
Spendee Replied like these quoted below;
"Sorry to see you leave and thanks for suggestions. Just to add - over 90% of our users who connected a bank account don't even lock the app with PIN/FacelD/ TouchID and also a lot of banks we are syncing require just password and username. It would feel a bit ridiculous to be "more secure" than the banks we are connecting, wouldn't it?
I understand you that some people see it differently, but we always prioritize feature development based on number of requests/complaints and suggestions and so 2FA will not come anytime soon as the demand for is simply too low. Hope this helps you understanding our approach and again, sorry to see you leave, thank you."
So, for sure 2FA doesn’t mean it is more secure, it means they will be taking extra measure for your users that their credentials might be stolen, anyone on earth can download their financial data via their app / web which could also be connected to their bank account regardless of how secure the banks are, that’s totally unrelated.
Would somebody enlighten me what can be the other ways for taking extra measures for users login process rather than 2FA etc?
Since Spendee doesn't have one and doesn't plan to provide one which is very unusual for a fintech app. Have you ever seen any fintech app that is without 2FA?
Spendee says they are not planning to add additional security for logins just because Spendee users don't even care about securing their data with Face ID/Touch ID etc and there is a low demand there and Spendee developers put their efford on hype-driven NFT just because there is a demand there?
Interesting case for product market fit, so it means they say good bye to 3-year long subscripted users like me to use the app for it’s core features that made it and welcome to the ones that demands NFT and doesn’t care about security at all.
Shall I keep trusting Spendee my financial data or shall I find another app that is more secure?
p.s; Spendee is on Google Cloud and I know the data security on Google Cloud is secure, but my point is not about their infrastructure, it's about high potential risks of data leaks if somehow your Spendee password is stolen, without additional security, anyone can download your whole data like your integrated bank account transactions to Spendee even if your bank is more secure.