If a bank lets you use ONLY a password to access your accounts it is clear that they do not care much about theft. The rest of their security will be similarly crappy. I would trust them with my mortgage. Not my savings or payment accounts.
My bank requires me to log in with a unique single use code. That code is generated by a "random reader". To generate a code I need to put my PIN card in that reader and enter the PIN.
After I have logged in I still need to sign my transactions. Also with a single use code generated by my random reader. This signing code requires me to enter a single use code that is generated by the bank and displayed on the signing page. Each signing event needs a different code, each code generates a different signing code to enter on the signing page (to prevent some man in the middle attacks.). Next I need to enter the total amount on my random reader (to prevent large problems in other man in the middle attacks).
For large amounts I also need to enter the bank account number in my random reader (to prevent large problems in other man in the middle attacks).
The app is slightly less secure once activated, but you need to sign (with the process described above) to activate your account number on that phone. If you never do that there are no phones that can access your account via the app. You can only pay to known bank accounts with the app. Only those you have already paid to (with the extensive signing procedure).
I like my bank. They have actually spend time to secure transactions. They have found ways to secure it without much hassle (the random reader is easy).
Maybe that is because they are on the hook if they can not prove that I authorized the transaction myself.