Actually this is almost totally BS. The correct answer is probably closer to "it depends". First off, some banks have two-factor authentication. In many cases, it's a device that displays a number that you have to key in to validate. That device is linked to your account, it will not work for anyone else. Also that number is constantly changing depending on a set algorithm.
So okay you set up a phish, you get a name and a password, so what? you still need the device, and so you must somehow conspire to get it off him. Good luck with that.
Secondly he is not even close to the Internet. You'd realize the game was up the moment something strange happened after you entered your name and password.
Even gmail has two-factor authentication, it will text a number to you, that you need to enter in to log in to the account. And that's just email. If someone has your email account details, well so what, he'd have to steal your phone too
Actually there are easier ways to get people's passwords, if that's what you want. Some cafes have security cameras, it's easy enough, for someone who has access to the live or taped feed, to see what keys your hands are typing.
But even so, you'd still need the device, or your phone.
So while it's not advisable to do your banking on public wifi, in a pinch, if it's absolutely necessary, it can be done as long as you change your password at some secure location as soon as you can.
Also, he did not get "hacked', it was just a phishing scam, there's no "hacking" involved at all.
Ever since then, I don't login unless I'm on mobile mode only.
What exactly is "mobile mode" and why do you think it's safe from a hidden security camera?