Please add an option of setting a password in addition to the SMS verification as otherwise anyone who gets control of your mobile number (which can be scarily easy) can essentially see all the data in nova.
Hi Dragon, we didn’t include the passcode step in the onboarding to make it faster but you can set a PIN code in Settings / Set passcode.
This passcode will stored on your phone and not on our server, so whenever you log out or use another device, you’ll need to set a another code.
Let me know if this answers your issue!
That’s the problem you can essentially get the data on another device just by having the SMS OTP.
It would be good if the pin/code could be set account side so it’s required for any subsequent login regardless of device.
We will add it into the backlog, however it’s not the top priority as soon as Nova has read-only access to users’ data. Currently by design it is enough to have the access to your unlocked phone to login into your Nova account. That is the common practice and even some payment apps have an option to restore the full access with just SMS OTP. Of course, the latter is a bad practice.
Users, who worry that someone would steal the SIM-card in order to get access to their Nova account, are recommended to use the SIM-card PIN code, that will protect them from the whole class of attacks against the apps which use SMS OTP.