In regards to Israeli banks, don't blame them, most of the rules are set by the Bank of Israel, and in this regard Bank of Israel is following the pattern of Asian regulators like Singapore and Hong Kong.

In regards to El Al, it's yet another indicator of a poor website design, in that no one has done any sort of risk analysis on the password policies or any comparison with comparable airline frequent flyer websites. IF they had done a comparison they would have realized that no airline or hotel FF website requires users to reset their passwords on a regular basis, and the only cases where it has been required were in case of a security breach, or where the website is upgrading their password policy requirements to require more complex passwords.