Banks used to give us those RSA tokens in the past for securely logging in to the web UI, but then discovered they can cut down on cost since everyone has two brands of smartphones.
No doubt. At least with FIDO2, people can provide their own hardware key, and get real security rather than a rolling number generated by a compromised algorithm [1].
[1] https://en.wikipedia.org/wiki/RSA_SecurID#March_2011_system_...