But it doesn’t change the truth of my argument. Seriously - how can putting in a PIN when you login to a new device for the first time be a hassle? You have to do it for transactions anyway and it only takes 3 seconds. On the very first login on the device. It’s a no-brainer.
Yes, exactly. Which is a minor inconvenience (if any) for a genuine user as they won’t be installing the app on a new device every day - every year, perhaps, if they really love their device upgrades…
So although you may be able to get into the app if your email is comprimised, it’ll be even harder to make any payment, I think the requirement is: something you know, and something you have.
How about someone who does access your account, and verifies a PayPal transaction, linking a random PayPal account with your Monzo account. Payments can then be made through your bank account.
My issue with magic links is what happens to someone who utilises MFA that relies on their mobile? If they loose their card + phone they will be unable to receive a magic link to block
their card by logging into the web.
Monzo do not answer their phones it seems.
Also some people do not have email on their mobile which means they need to manually type in the magic URL which is annoying.
It seems to me that it would be more accurate, and a little less confusing, to say that someone who utilises MFA on their email will still receive the magic link, but will be unable to access it due to not being able to access their email.
Am I understanding your intention correctly there? As it appears from the replies not everyone is able to figure it out.