Hello. Long time subscriber, first time commenter.
You have said that it is a good idea to have accounts on gdax and gemini. Today I registered on gemini. Annoyed that they're not using google authenticator for 2FA but whateves. What really got me is they want my bank ID and Password. WTF? I'm prepared to provide routing and account number but no effin way am I handing over my credentials to some crypto exchange. Or anyone else for that matter. Why would they even ask for that? Did you provide them with your ID & Pass? Seriously WTF?
Yeah unfortunately this is the case with GDAX too. Made me uncomfortable too. I changed my password beforehand, entered it in GDAX / Gemini and then changed (within seconds) the password back to my original password just to be safe. The reality is they don't store your data and only need to do it once to verify your bank. It's safe, but I don't blame your paranoia.
With Gemini you can use a 2FA called "Authy" which functions just like Google Authenticator. Trust me, Gemini is worth the time to set up.