For the sake of completeness I will mention that one US bank that I use, Wells Fargo, issues the classic RSA keychain tokens:

https://www.wellsfargo.com/biz/online-banking/securid/

... which is quite simple and cheap ... and can be used in place of SMS 2FA.

The fact that these tokens exist and are so simple to deploy and use really deflates any claim (by banks) that banking and/or auth apps are required. It causes one to consider what the real motivation is behind the bank desperately pushing customers away from the simple and adequate web service towards the apps.