Security & Account
GoMonio uses multiple layers of security to protect your financial data and account access. Understanding these features helps you maintain optimal security for your account.
Written By Joska
Last updated About 1 month ago
Security First: GoMonio handles sensitive financial data. These security features work automatically, but knowing how to use them properly helps keep your account safe.
Password Management
Access password security through Settings β Security.
Change Password: Update your password anytime. Requires your current password for verification.
Password Requirements: Strong passwords with minimum length and complexity requirements
Security Impact: Changing your password logs out all other active sessions for security
Two-Factor Authentication (Email-Based)
Every login requires both your password and email confirmation for enhanced security. This is mandatory and cannot be disabled.
How it Works: After entering your password, we send a confirmation link to your email. You must click the link to complete login.
Time Limits: Confirmation links expire after 15 minutes
One-Time Use: Each confirmation link can only be used once
Active Session Management
Monitor and control where you're logged in through Settings β Security β Active Sessions.
Session Overview: See all devices where you're currently logged in
Device Information: View browser, device type, IP address, and last access time
Terminate Sessions: Log out of specific devices or locations remotely
Session Duration: Standard sessions last 1 day, "Remember Me" sessions up to 90 days
Security Tip: If you see any sessions you don't recognize, terminate them immediately and consider changing your password. This could indicate unauthorized access to your account.
Data Export
You can export all your account data at any time through Settings β Account.
Format: Data is exported as a JSON file with a timestamped filename
Included Data: Account info, sessions, profiles, memberships, financial data (accounts, transactions, categories, tags, budgets), and preferences
Complete Export: Every export includes all your data β there are no partial exports
THIS IS CURRENTLY WORK IN PROGRESS; Planning to implement better export feature later.
Account Deletion
You can delete your account or individual profiles through Settings β Account.
Grace Period: After requesting deletion, there is a 30-day grace period before data is permanently removed
Restore Profiles: You can restore deleted profiles within the 30-day window
Countdown: A countdown is displayed showing how many days remain before permanent deletion
Important: After the 30-day grace period, your data cannot be recovered. Make sure to export your data before deleting your account if you want to keep a copy.
Bank Connection Security (PSD2)
When using automatic bank connections, additional security measures apply.
Read-Only Access: GoMonio can only read your transactions, never initiate payments
Bank-Level Security: Connections use your bank's own secure authentication
Regular Re-authorization: Bank connections require periodic re-authentication (typically every 3β6 months)
Revoke Anytime: Disconnect bank accounts through Settings β Bank Accounts
Security Best Practices
Use a unique, strong password that you don't use elsewhere
Keep your email account secure (it's your second factor)
Regularly review your active sessions and terminate old ones
Log out from shared or public devices
Be cautious with email confirmation links β verify they're from GoMonio
Report any suspicious account activity immediately
Use password manager like Bitwarden.
If You Suspect Unauthorized Access
Immediately terminate all active sessions from Settings β Security
Change your password right away
Check your recent transaction history for unauthorized changes
Secure your email account (change email password if needed)
Review and revoke any suspicious bank connections