is it a 1024 bit or byte key that would resist for a vigintillion years?

adding on to this, the bank isn’t doing just mfa, it’s likely also doing risk-based authentication. logging in and viewing funds isn’t that risky, but moving money around is much riskier, even in the same account. so you have to provide stronger evidence that it’s you requesting the action.