I think MD should really have two factor authentication for user login. If login details are compromised then the following would be available:
- GDPR Sensitive Personal data could be derived from financial transactions
- User’s bank account details are visible from the account list page
- It’s possible to create financial transactions (move money) using MD
Can you implement industry standard 2FA process (App based 2FA using QR code), preferably with support for security keys?