Magic login links, insecure?

But it doesn’t change the truth of my argument. Seriously - how can putting in a PIN when you login to a new device for the first time be a hassle? You have to do it for transactions anyway and it only takes 3 seconds. On the very first login on the device. It’s a no-brainer.

Yes, exactly. Which is a minor inconvenience (if any) for a genuine user as they won’t be installing the app on a new device every day - every year, perhaps, if they really love their device upgrades…

This thread is going around in circles - it’s making me dizzy.

4 Likes

It looks like some changes might be coming, all to do with Strong Customer Authentication:

So although you may be able to get into the app if your email is compromised, it’ll be even harder to make any payment. I think the requirement is: something you know, and something you have.

1 Like

The email links are annoying as I do not have email on the device I use Monzo with.

https://krebsonsecurity.com/2019/08/the-risk-of-weak-online-banking-passwords/

How about someone who does access your account, and verifies a PayPal transaction, linking a random PayPal account with your Monzo account. Payments can then be made through your bank account.

1 Like

You can’t, the payment made by PayPal includes a code. You have to enter that code back into PayPal in order for it to be verified.

Well exactly… someone who has access to your list of transactions, can link their own PayPal account and make transactions.

They also need access to your email account and how do you know that PayPal don’t perform any checks on the account name?

As well as a whole load of other KYC information about you to open up an account?

Address, which can be found in the Monzo app.

My issue with magic links is what happens to someone who utilises MFA that relies on their mobile? If they lose their card + phone they will be unable to receive a magic link to block their card by logging into the web.

Monzo do not answer their phones it seems.

Also some people do not have email on their mobile which means they need to manually type in the magic URL which is annoying.

You can login to Monzo web on any device can’t you?

Yes… But how do you login without email?

By using the same computer you’re using to access Monzo web? :see_no_evil: :laughing:

How?

  • Pop to Argos and buy this £12 phone
  • I have an authenticator as backup
  • Some services allow you to verify other ways if you don’t receive a text

There are loads of ways…

Some people do not use SMS verification. Or they are on holiday.

Getting codes out of a safety deposit box can take a few days

Some people do not want other verification methods other than codes stored securely away.

Or Monzo could use Passwords!

Innovative.

What on earth are you talking about? :rofl:

2 Likes

It seems to me that it would be more accurate, and a little less confusing, to say that someone who utilises MFA on their email will still receive the magic link, but will be unable to access it due to not being able to access their email.

Am I understanding your intention correctly there? As it appears from the replies not everyone is able to figure it out.

1 Like

Yes, thank you.