Yes that’s a good suggestion. However Most banks in NZ use SMS for various authentication.

alasta:

 

I would prefer the industry standard rolling code system that you can use to log into things like Google. 

 

Some banks will provide a proper two-factor key if you request one but it costs $25 or so. I've had RSA SecurID (6 digit TOTP) fobs from both TSB and ASB.

Beware that TSB don't use it properly (security theatre) and it doesn't help security with them (they don't use the fob during login, and you can choose whether to use the fob timecode or SMS when doing a transaction).

Business accounts often have better security options - so business banks can sometimes allow customers to use other security measures.

alasta:

 

Whilst app based 2FA is much better than SMS, it's still not ideal because it's dependant on you having access to a specific device (i.e. your iPhone). This becomes a problem if, for example, the device is damaged or the battery is flat. I would prefer the industry standard rolling code system that you can use to log into things like Google. 

 

Apps can be installed on multiple devices, for ASB it seems it is limited to 3 however which has not been an issue for me for a while.

I can see it from their perspective that the app allows them to know when you are getting the code and where it is being delivered to. It does mean that you need connectivity on the device as well.