Yes, however you can only go so far before it becomes a nuisance.

Wouldn't be the first time I get my bank account blocked for transfering fiat to some random bank account while trying to stack some sats using robosats. I used to get super angry at them and i still wish they had an opt-out for it, but i have come to understand that most people are easily fooled. Heck even i get emails that give me a jump scare at first and then when i read properly i find out that it's phishing.

You definitely need to inform the user that:

- We will never ask you about your

- We store this information about you

- Our communication always comes from

Maybe something about general best practices about not reusing passwords etc.