Like many, I was drawn to Klarna for its convenience. However, after a deep look at their security, I've concluded that this convenience is achieved by making a cynical and dangerous trade-off: Klarna's entire security model operates on the assumption that its users are incapable of handling real security. This philosophy is not just flawed; it's disrespectful to every person who trusts them with their financial data.The problems are twofold:1. The "Front Door" is Unlocked: Their day-to-day security relies on a simple PIN and SMS text messages. In 2025, this is inexcusable "security theater." It is widely known to be vulnerable to common SIM-swap attacks, yet Klarna continues to use it, presumably because they believe offering modern, robust options like authenticator apps is too complex for their user base.2. The "Back Door" is Left Wide Open: Even worse is their account recovery. A criminal can bypass any security you have, including a modern Passkey, simply by using the "Forgot PIN" feature, which relies on a single, insecure SMS code. This highlights a foundational rule that Klarna chooses to ignore: An account's security is only as strong as its weakest recovery method. Theirs is one of the weakest imaginable.This brings me to the core issue: Why? Why do this when better solutions have existed for years? The only logical conclusion is that Klarna has decided it's better for business to treat its users as if they are stupid, rather than empowering them to be secure. They have chosen to accept a dangerously low security standard for everyone rather than trust their customers with best-in-class options.People in the tech community often wonder why consumers don't demand better security. My question is, why do companies like Klarna keep getting away with providing a service that is fundamentally insecure by design?I have reported these issues to Klarna directly. To anyone reading this: understand that when you use this service, you are being protected by the lowest possible security denominator because that is what Klarna has decided you can handle. Proceed with that knowledge.EDIT / UPDATE (June 11, 2025):Klarna has now replied to this review. As predicted, their response was a generic, templated message asking me to "chat with customer service."This response proves that they did not actually read or comprehend the critical security flaws detailed here and in emails. My report on their insecure account recovery architecture is not a standard customer service issue that a chatbot can resolve; it is a matter for their Security Architects and Product Leadership.By trying to funnel this serious feedback into a generic support queue, Klarna has only confirmed the core of my argument: they do not take user security seriously at a fundamental level. Their inadequate response should serve as a further warning to any potential user.
