You could try USAA. They have all the bells and whistles (auto bill pay, check cashing app) and have great customer service and conservative lending practices.
USAA limits passwords to 12 characters. That means they're doing something wrong for password storage.
Although they offer 2-factor auth, only the SMS option is any good. If you choose Symantec VIP, your login consists of the VIP token and your 4 digit pin, rather than the VIP token and your password. A 4 digit pin does not provide much more security than the VIP token alone. I don't understand why they buddied up with Symantec rather than implementing OATH.
I know they're a good bank, but I can't get past those technical issues.
- Customer Service tab.
- "Visit the Security Center" in the left column under Security Features
- "View your SafePass settings" under the Online Banking menu when you expand it.
- I assume at that point there's an "Add SafePassDevice" option. I already have my phone added. I remember when I added it there was a snafu and I had to call the BOA fraud hotline to get it added, but they did add it.
- Once you have a SafePass device (sms-capable mobile), under Current SafePass settings, "change these settings" and set it to require SafePass to log in to online banking.
I don't like SMS 2-factor. People need to stop pretending that mobile networks are secure. I want something that runs autonomously on my phone (OATH, e.g. Google Authenticator), or a separate HW token for higher security. However, the choice between no 2-factor and SMS 2-factor is a no-brainer if you have an SMS allowance on your plan.
I think you need to be in the military (or be a direct descendant of someone who was) to use the insurance, but I think banking is open to the public. I highly recommend checking them out, amazing customer service.
EDIT: They have a unique organizational structure more like a co-op (http://en.wikipedia.org/wiki/USAA#Legal_structure)