This same procedure is used in the United States with startup darlings like Coinbase. No debit card or one-time-password required, please give your real bank account password.
I had heard good things about mint, and I liked the 'dashboard' screenshots and such. Then I looked at how it worked, particularly "provide your bank credentials" part.
It didn't take long to realize how incredibly dangerous that was, and leave.
Banks should provide API access for services like this because it mitigates significant security issues.
https://support.coinbase.com/customer/en/portal/articles/194...