I use Kiwibank and I am totally comfortable with their security. I change my password and security questions every few months and, as someone else noted, my questions and answers do not make logical sense (so can't be guessed).
And as long as you don't share your logon details and password, you will be ok.
Golden rule: NEVER, EVER, EVER input your logon details from a text or email request to do so. No matter how convincing it looks, your bank will NEVER email you and ask you to update from an email.
So Kiwibank's annoying text message verification is (one reason) why I left them, I often did not receive these text messages... unfortunately I went to Westpac and I did not realise their security was so horrendous. Might be looking for a new bank now...
I really like this added security feature. From what I can gather, Kiwibank only txt me if I log in from a new device or are making a significant payment to a new payee - otherwise, they don't text. I'm totally ok with this.