Banks should take more responsibility
Push this onto the users forget it, why not force the users to have a secure password, and allow that secure password in there systems.
I see so many banking systems say you need over 6 characters but it has to be below 12 characters not include characters xyz, how on earth can you create a secure password with so many restrictions?
Additionally hardly anyone does Google reCAPTCHA or two step authentication texting a code to your phone, and the memorable information, why such a small list, allow users to create there own question.
And then the government is not forcing shopping sites to secure your card details in a secure way, just mention Talk Talk here and others.
Banks and the government need to step up to the mark not hide behind a wall and say "not our fault".