Security issues – CardNav Review

This app provides helpful functionality but falls short in a number of areas: 1) it doesn’t make it clear that the login is not your bank login despite displaying your banks logo. So I imagine a lot of people enter their bank log-in at first. 2) the app limits passwords to 8-12 characters. Welcome back to the 1990s. 3) the app requires you to manually logout. This is inconsistent with how every other app having access to financial data performs, 4) the app does not support touchid or faceID, 5) the app doesn’t work nicely with password managers 6) the app emails you your login id after registration. While it is fairly typical to email a user their iD when they indicate forgetting it, sending this automatically at registration unnecessarily makes that half of your login credentials more accessible to bad actors on the internet. These are all fairly basic things, so hopefully the backend security is done better.
Review by Brain on CardNav.