Magic link, but no email access


(Remco) #1

So I don’t have my email on my phone, but when I sign in to Monzo on my phone I get sent a magic link. This means that I have to go on my laptop, send the magic link via text and then open that link on my phone to then access the app. Admittedly, this doesn’t happen often, but I have uninstalled Monzo a few times this year because I ran out of memory and briefly needed another app. I also swapped phones a couple of times.

Would it be possible to request this link to be sent via other ways like your mobile number, facebook or slack?


(Ben) #2

Best thing to do in this case is use the built in web browser on your phone to access your emails.


(Remco) #3

Yeah, but it’s one of those roundcube webmail accounts and webmail doesn’t respond well on mobiles. It’s very difficult to open an email as it always thinks I’m selecting instead of opening it.

Either way, I would prefer to receive the link via text instead of email.


#4

Yeah, I understand that. I’d also like alternatives to “magic links”, as they so fully rely on your email account, and there are quite a selection of potential use cases were you may not have access to that. Allowing the use of passwords might not be a bad idea…

For text messages specifically, though: Text messages are so easy to intercept, redirect, and manipulate, that I think any use of text messaging in relation to authentication needs to stop.


(Remco) #5

Yeah, I appreciate the issue with text messages. 2 factor authentication (like authy) could be a good alternative instead of magic links though. I think people should be given the option.

Maybe we could set up a poll and see what people think?


#6

Sorry, I don’t understand: How could 2FA replace magic links?


(Remco) #7

login with your password and 2FA… or use a magic link?


#8

Oh I see. So password + 2FA replaces magic link. That makes sense - and would indeed be my preferred solution, too.


(Remco) #9

at least it also gives you an alternative in case you got locked out of your email account.

Lets see what Monzo thinks :slight_smile:


#10

I agree

Sadly, Monzo have in the past strongly resisted any move to change their login / authentication model, so I’m not holding my breath …


#11

like this…

just millimetres thick and about a quarter of the size of those huge card readers the high street banks tend to use!


(Remco) #12

I don’t think that adding optional 2FA would take you back to 1995. Unless you ask us to carry a separate device.

Just an authy API would do.


#13

:scream: how dare you, Richard?!

:wink:


#14

The worse thing was when RBS gave me a sheet of signal codes to authenticate any fax instructions I sent them. A page of numbers where you crossed one off with a pen each time before using the next one in sequence :rofl:


#15

They didn’t insist on the enigma machine to go with that list? How forward thinking


#16

I remember years ago your branch would give you on request blotting paper with your cheque book so you could use a fountain pen…the blotting paper was a lovely cream colour :joy:


#17

We used to use these for online banking in Germany for years. We called them TAN.

The next great development was that they request one at random, and it was called iTAN.

Then - shocking - we went to texting a number, called mTAN.

Then the great progress to ChipTAN were you got a card reader (which you had to pay ca 10€ for the privilege of having one posted to you).

I suddenly feel really old …


#18

Fidor UK use mTAN and their customers often complain and wish they would use email instead.

Personally I see issues with both…no phone signal but on wifi you prefer email, poor data connection you prefer text…so why not have multiple options and user select the one they prefer!


(Eve) #19

This is what I have to use back home and loathe it. Recently they’ve changed to allow fingerprint login but you still need it to do transfers. I hate paying anyone, it’s too much effort.


#20

I need one to access a mobile banking app! WT*