Santander
They may get good marks from this mob but from a user login viewpoint I would give them a F or lower.
I have the misfortune to use Santander for one account and they have 7 different validation fields/flags plus unless you use a Linux PC they try to push Trusteer at you every time (unless you are willing to allow them to fill your browser with cookies, great choice there).
I get they want to look like they care about security but it doesn't work.
Why does logging in need more that an ID and password plus a validation code of some sort which could be a OTP sent to the registered mobile, an RSA fob or similar?