Re: Confused!
You're missing something.
Say you used the same password for your bank and for some other e-commerce website. (Yes, you shouldn't, but many do!). Say the other site gets compromised and a list of names, addresses and passwords finds its way to the crims.
With password-only banking, they'll likely hack into your account.
With two-factor authentication using an app on your mobile, they'd also have to steal your phone before they can try to hack in. Which they can't do unless they are in your vicinity. If the hackability of random accounts from the stolen info is 5%, they'd have to steal twenty customers' phones to get into one bank account. I doubt that's feasible.
The other way around, my bank has sent me a credit-card sized gizmo which I have to use to generate one-time authorization codes before I can transfer money. (There's an app alternative, which I don't yet feel any need for). If someone breaks in to my home and steals it, they won't be able to steal my money because they won't know my password.
It's a bit of added hassle but on balance I'd prefer it is all banks did this.