Banks are still doing SMS-based 2FA. And after doing some security training at work written by the FBI and seeing it suggest switching letters/numbers around to make a password “more secure” (like th15); I’ve completely lost confidence in banks’ security standards.