Actually I find that the online access to US banks (well - the two I've used) is pretty dismal, and the protection relies too much on a few known data items (such as the SSN).

For comparison, the online access to my account here in Switzerland required that I fill in a request in writing, and then I received a special calculator and (by separate mail) a SIM card (with a PIN).

To access your account you have to know your contract number (NOT your account number), you need to know the PIN to your SIM card, enter six challenge digits that the online system generates into the calculator and enter the response that was generated on the calculator (which is alpha-numeric, BTW).

Pretty complicated, but the probability of getting hacked through simple password guessing is extremely small (absent other types of security problems in the code, of course).

Michael