Currently to log into Monzo, you enter your email address and then receive an email with a sign-in link. While this can be nice, it means that anyone with access to your email now has access to your finances. This can, obviously, be an issue where an email account has been compromised, or in cases of domestic abuse where an abuser has control over their partner’s emails.
I understand why Monzo wouldn’t want to use passwords which could be susceptible to phishing, but relying on email doesn’t seem any safer.
So it would be great if Monzo would add Passkey support for login.
Passkeys are supported by all major platforms, and provide a secure login mechanism that doesn’t rely on users remembering a secure password, and are resistant to phishing.
So a hacker needs the email address you used to register your Monzo account, access to said email account and your app PIN. And if you have Added security set up, there are even more layers to get through. Very secure.
As an optional authentication factor, I think passkeys would be great. Revolut already supports them. Passkeys are not phishable like passwords, pins, or anything that the user can accidentally share. They’re also owned by you (you can even use a hardware key) and not your email/cellular provider.
I appreciate it’s still only known by mostly the younger, more tech-savvy users, and there will always be people who will resist a new thing just because they don’t want to use it, but anyone in the security circles will tell you how passkeys are the future of authentication.
I believe it’s more of a question of when, and not if, Monzo will implement this.
Passkey + PIN would be even more elegant than a magic link and also resolves issues with redirection (which doesn’t work that well on all devices or all email clients).
