I wish there were laws making it the bank's problem if your account gets hacked. The security they choose to use is secondary, but you bet they'd be the most secure websites around if they were liable for the losses.
You won't probably get what you wish for: this is how it works in South Korea but the solution that the banks went is worse than SMS-OTP, where your bank is expected to monitor your computer (https://palant.info/2023/01/02/south-koreas-online-security-...).