There's something called soft-token authentication. There are things like Google Authenticator or Authy or things like that, which are available for quite a few different types of apps and things that we use. A lot of social media offers it. But often it's a secondary offered form of authentication. It's not widely known. It's accessible only to smart phone users unfortunately. But there are still a lot of things we use in which they promote two-factor authentication by SMS, and still banks often promote that only.
On March 12th, 2020. See this statement in context.