Depends on the bank. I guess in US banks themselves are 20 years in the past. My bank had this log-in setup, where you have your fixed password but also need to enter a password from your password card. This is being phased out and will not be available from Sep 1st. I myself have been using mobile signature/smart-id (https://www.smart-id.com) for years now. Other remaining options are using your ID card or passcode generators—like Google Authenticator but a physical device.