I think we all know the answer to that question :)
I would note that professional bank feed apis (e.g. yoodle) also use username password pairs and not only break when you change password but can result in a locked bank account due to too many retries.
That said, there is no universal solution in the US.
> I think we all know the answer to that question :)
May I ask-- for those not in the know --that what is it? :) From your comment I'd infer that username/password, but that hasn't been the case for many years, at least at the banks I use (in Europe).
If he's using headless Chrome then it's likely form filling. I.e. just automatically typing in the answers to the authentication prompts on the pages as you'd normally do when you log in. Most banks, even those with TOTP or alternate MFA methods, allow you to login with standard authentication details to get access to statements and not make any changes.
I would note that professional bank feed apis (e.g. yoodle) also use username password pairs and not only break when you change password but can result in a locked bank account due to too many retries.
That said, there is no universal solution in the US.