Your banking password isn't that sensitive, because banks are used by regular people who don't have any conception of good security practices. The worst case scenario of your bank login credentials leaking are really not that bad.

Your personal email account is probably a million times more sensitive. It contains enough personal information to get your identity stolen a thousand times over, and once your email has been compromised there is no way to ascertain the damage.

I don't hear often about banks providing API access. Only big companies on special contracts may get something like that, but it is usually very limited - talking from my personal experience, but what I learnt from the internet - it's the same everywhere.

But... In Europe thanks to just another EU laws we should have every bank offering an API access for everyone starting from September 2018 IIRC. That would help a lot with automation, I hope generating few api keys with different access permissions would be possible with that.

My bank gives only readonly access by default with the username/password. Any transaction (transfer, operation) requires a one-time pin (TAN) anyway. So I'm not particularly worried about leaking my password.

I wish they had an API but I just use a selenium script essentially. Luckily(?) logging in to this particular account only requires user/password and no fancy codes etc. I guess when the system is built with readonly default and OTP for anything else, then the login can be kept simple.