Let's say somebody attests via a smartphone and looses it? Then what? Some stranger can use the attested identity on the phone indefinitely for whatever purpose? This is dangerous.
Setting a strong password prevents this.
You better make sure it's realy strong. And make sure your phone or PC is unhackable so nobody will steal your password via a keylogger and the like methods.
And make sure that the Jumio database is never hacked. Because once it's hacked you are ...cked.