I don't have a cell phone and until the lockdown, I didn't have Internet banking. Now that I do, I wonder how secure it really is without 2FA. It seems pretty secure to me, but of course I could be missing something.
With Kiwibank, you have to log in with account number and password. You are then presented with a randomly-selected security question from ones you have previously created. The answer to the question is displayed as blank spaces, and you have to correctly type in two randomly-selected blanks. This is done to prevent key loggers.
So how secure is this, really? The only way I can think of offhand to defeat it would be something in memory that copies the screen until the same answer has appeared enough times to fill in all the blanks, then keeps trying to log in until that question comes up again. Is there a better way to get around this?