One of the biggest complaints GCash has gotten over time was the manual input of the MPIN. Since the MPIN was only 4 digits, it was also easy to remember, and easy to take advantage of especially when it comes to scams.
This is why there are one-time passwords (OTP) implemented aside from an MPIN. This is to make it harder for someone to get into your account as it needs the actual phone (and SIM card) at hand to verify yourself.
It would make it harder for scammers to get into your account as they would need to ask for not only the MPIN, they also need to ask for the OTP. But even with this added complexity, there are still lots of people scammed everyday.
Recently, a GCash update allows biometric logins like fingerprint and face recognition, similar to Paymaya. This makes it easier for a user to log in as they can forego inputting the MPIN.
How secure is using your fingerprint or face ID to log in?
Logging in is definitely easier now using your biometrics. However, keep in mind that this does not make your GCash account more secure. In many cases, you just increased the ways hackers can circumvent your account.
For fingerprint recognition, there are databases of fingerprints somewhere out there. An example is when we registered to vote we gave COMELEC our fingerprint data, which eventually got leaked. Even though the leaked fingerprint data cannot be used, it just goes to show how easy your personal data can get compromised by third parties.
As for facial recognition, there are ways to fool your phone — one is having a look-alike log in on your behalf. Perhaps your siblings can look like you a lot. Or another way is to show the camera a picture of your face during close up. And it’s easy to get those, especially if your social media accounts are public and your posts are full of selfies.
Biometrics are great since they are unique to every individual, however this uniqueness can also be used against it. We cannot change our fingerprints nor our faces (most of the time). And so the best way to secure your account is by being vigilant. Scammers can still fool you into giving your MPIN and OTP even with biometrics login enabled.
How can I enable biometrics login?
Here are the steps:
- Go to Settings from the Sidebar. Click on Biometrics Login.
- Tick on the “Enable Biometrics Login”.
- A page will display waiting for your OTP. Input your OTP once it arrives.
- Once done, you can now see the “Login with Biometrics” link on the login page. If you are using an Apple device, you can log in using Face ID if you have that enabled in your device.
If I have multiple GCash accounts on my phone, does this mean that enabling biometrics for one account enables it for all?
No, it only works for one account. Once you change number and enable biometrics for that, the setting is enabled for that account only.
GCash has made logging in easier with the biometrics login. However, it does not make your account more secure. You can still be scammed using your MPIN and OTP. Security is only as strong as the weakest link. And vigilance is still the best security measure.
If you’d like to learn more about GCash, I created a how-to on the basics of GCash.
Here is a list of links if you’re interested in the main GCash features: