[iso1631]

My bank wanted me to verbally give them a new password (with various constaints like uppercase, lowercase, symbols, at least 12 characters) over the phone, having already identified with a dozen or so personal bits of information.

Apparently it was perfectly secure because to use it I also need an SMS

[coldpie]

Yikes. You should get a new bank. There are acceptable places for compromising security a bit, but reading out your password over the phone and then verifying SMS code also over the phone is definitely not one of them.