FWIW, some services do in fact use your bank username and password to instantly verify your account rather than the usual "we made two small deposits, tell us the amount when they come through in a few days".
But, I was mainly referring to the account and routing number. Anyone with those two numbers and access to the ACH system can drain your account. I know one person who wrote a check to a bill collector, then the bill collector entered their numbers into the their ACH system and started taking regular withdrawals from the account without the owners permission. The owner had to close the account to make it stop.
That one was like 15 years ago - I think the laws around debt collections are better today, but the ACH system is still fundamentally the same system.
But, I was mainly referring to the account and routing number. Anyone with those two numbers and access to the ACH system can drain your account. I know one person who wrote a check to a bill collector, then the bill collector entered their numbers into the their ACH system and started taking regular withdrawals from the account without the owners permission. The owner had to close the account to make it stop.
That one was like 15 years ago - I think the laws around debt collections are better today, but the ACH system is still fundamentally the same system.