Well, it would be dead easy to convince CO that you were me, though, if you had access to my phone and were able to google my real name (not a huge challenge since my name is displayed in the app): They wanted some number from my Monzo card, which I didn’t have with me. So they fell back to asking for my current address (seriously? That’s displayed in the app!) and birthdate (maybe yours is secret - mine isn’t) for id verification. ANY pin/password would provide better security than that.
I hate those supposed “security” reasons which are in fact only a minor annoyance but provide no meaningful security at all (see my rant regarding signature verification above).