The question is whether something standard like TOTP is also offered as an option (regardless of how "dark-patterny" it is to get to the option --- I've seen services that will heavily push their own app, but if you look carefully you'll see TOTP too, often disguised as "Google Authenticator" or something else that doesn't explicitly say TOTP but actually is.)
Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.
Nor ask them to put their smartcard in the reader, although many banks will already have given one to their customers...
Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.
Nor ask them to put their smartcard in the reader, although many banks will already have given one to their customers...