This issue has actually been covered in other posts. Webassist takes credit cards online, and thus has to be PCI compliant. Their merchant bank not only requires pci compliance, but many have stiffer security requirements to keep their merchant rates low.
As for being more difficult than your bank, perhaps they are behind the times a bit. Many banks, when entering a password require you to recognize an image, or logo as belonging to your accoung, and click in your password on a randomly changing keypad (ie keys that change position each time you reload the page) to prevent keyloggers from capturing your password.
While I agree it is a hassle to have to type in my password each time I visit, it seems a small price to pay for the added secutity.