In most countries, giving your bank details gives them deposit-only access.

The US is behind the rest of the world on this one.

Even so, anything that allows you to omit one more bit of entropy can make you safer by making you more anonymous. We've already seen a few high profile attacks where the attacker exploited a vulnerability that arose out of how two or more services handle personally identifiable information. The Apple/Amazon one is one such example. The security professionals at each company choose to request different bits of entropy to identify someone and may give out other bits of entropy not among their identity bits. When two or more services complement each other in this regard, you can contact the first to get information to give to the second.

Facebook makes this even worse in that is exposes a lots of the commonly requested bits of entropy. It's not hard to identify someone's mother on Facebook. From there, you can identify her parents (if still alive) or brothers and cousins, to get her maiden name. Now if your birthday is visible or published anywhere, an attacker has yet another bit of entropy. Add enough together and an attacker now has enough information to walk into a bank agency with your bank account number and possibly gain access to your account.

TBH, we're at the point where it shouldn't be legal to secure accounts with any method that involves multiple bits of entropy. Any system that permits someone close to you (friends or family) to pretend to be you simply isn't secure. These days you don't even need to bother with power of attorney because it is so stupidly easy to impersonate one's parents, significant other, sibling, children, etc.

> It's not hard to identify someone's mother on Facebook

This is by design. You can identify "relationships" in Facebook, and they will display who your mother, brother, sister, even cousins are.

Yes, of course it is. The point is that different systems can break other systems.

Thanks for stating my point so succinctly.