In Singapore, the banks have moved away from SMS entirely, even for notifications. Now they have to come through the app.
But for login you basically register a single phone, download a certificate to it and that becomes your second factor. If you login via web or another phone, you need to approve the login from that phone.
Of course if you lose the phone (or it's damaged) you need to go to the bank to fix it, but that seems like a reasonable approach.
But for login you basically register a single phone, download a certificate to it and that becomes your second factor. If you login via web or another phone, you need to approve the login from that phone.
Of course if you lose the phone (or it's damaged) you need to go to the bank to fix it, but that seems like a reasonable approach.