If they bank does not have a two token security system, its is not secure. A single password should never, ever, anywhere, be enough to legally prove identity or validate a bank transfer.