Yes, I agree. Some sort of 2FA/MFA should be there to prevent any kind of misuse to the account (which is in probably many cases like you said in the same phone as an email client) by default.
Hence, I wouldnât say itâs only for power users as we are talking about financial applications and peopleâs money. A strong authentication should be default here.
Imo, itâs OK to only login to the app with a fingerprint or solely an email but when performing transactions another security guardrail should exist, like a second factor. Whether itâs again a fingerprint or any passphrase can be up to the user but it shouldnât be enough to login using an email and have full access to transactional money operations (probably even from the legal point of view?).
Iâd really wish for bunq to add some sort of MFA to at least money transaction operations.
(However, for me, hand recognition never worked well and sometimes actuall annoyed me. So on that sense Iâm happy seeing it gone but a better replacement is missing now, unfortunately.)