With Tangerine I have set up the secret question thing where my answers are secure passwords generated with my password manager. Their login asks for the secure question answer before the 4-6 digit useless pin entry, so it has that going for it at least. I refuse to set up SMS based 2FA.