It is incumbent upon any service that handles personally identifiable information or other sensitive information to provide the basic tools for a confidence-inspiring level of security. It's a common best practice.
For instance, today we use what is called "two-factor authentication". You enter not only a password, but also, after doing so, you need to be able to either get a code on your phone or carry around a physical key. I don't have mine on me; it's in my bag. It provides a belt-and-suspenders solution. The systems that provide that are providing an order of magnitude more security and confidence in the systems, and they are much more difficult to scam.