Indeed, a multi-layered approach, while more expensive, provides some advantages. It is also interesting to compare this system to the one applied in countries where security is more of an issue.
In Brazil, for instance, where hackers get quite creative, some non-business accounts offer 2FA via authenticators.
Some banks even require you to install some "security" Windows software before enabling you to use your home computer. Needless to say, such software is not always easy to remove (as most trojans). I'm not sure how it would work on a Linux (if it would work at all).
And sometimes they also limit online transfers to ridiculously low amounts (e.g. 100$/day).
Despite all that, they only allowed numeric passwords for the online system, consisting of 8 digits (chosen by the user) + 3 characters (chosen by the system). I believe this is to ensure the same password can be used in ATMs as well.
In Brazil, for instance, where hackers get quite creative, some non-business accounts offer 2FA via authenticators.
Some banks even require you to install some "security" Windows software before enabling you to use your home computer. Needless to say, such software is not always easy to remove (as most trojans). I'm not sure how it would work on a Linux (if it would work at all).
And sometimes they also limit online transfers to ridiculously low amounts (e.g. 100$/day).
Despite all that, they only allowed numeric passwords for the online system, consisting of 8 digits (chosen by the user) + 3 characters (chosen by the system). I believe this is to ensure the same password can be used in ATMs as well.