There’s a previous topic on this.
The previous reply from Freetrade seems to fundamentally miss the point. They mention that a user can enable 2FA on their email. This is essentially passing off the security of Freetrade user accounts to an unknown third party.
It’s fundamentally flawed, and I can only imagine it’s near the top of the head of infosecs risk register. (And if it’s not he’s missed an issue)
Freetrade cannot know what security if any a user has on their email, or even if they’re the only ones who have access to it, so they should be assuming that the email has on average very basic username and password security. And as worst, that it’s shared or compromised.
The idea that a user should secure their email while good advice isn’t a solution for Freetrade. It’s just bad security practice.
So I do agree that better security is needed at least when logging into the app the first time. It seems to till be a simple email link? Which isn’t any form of secure login in my mind, never mind 2FA.