@voltrina >have physical 2FA code generator devices
Those would actually be reasonably secure if those devices weren't from companies like RSA, who does things like accept a bribe of merely a million dollars to backdoor their encryption library and the bank stored the code seed in a reasonably secure manner instead of storing and managing such exclusively with proprietary software.