
If your bank decides that your business is worth less to them than a compliance checkmark, that's on them.

All my phones are rooted and it has never been an issue with any banking app I use. It's all about priorities. For some people, that's going to be the roman numeral name suffix dropdown in the registration form. For me it's the bank not telling me what I can do with my devices.




It is not just what the bank wants and pushes on its clients, because f them. At least in EU, they are pushed into it by PSD2 ("Payment Services Directive 2"). Even if you are happy with accessing the bank via browser on the computer, you are going to need the second factor for auth, and SMS isn't going to be it.

Because it is pushed centrally, banks do not have a choice. Hence you, as a customer, won't have a choice either, unless you consider not using the bank online at all as a choice.


Actually, the EU is being used as a scapegoat here (as usual). SMS is perfectly allowed by the directive. As would be even an old Google Authenticator-style OTP code, which does not need any proprietary software to work.

Banks are forcing you to run proprietary software on proprietary operating systems with draconian "security measures" that would make the latest DRM-enforcing rootkit look like a children's toy. They check whether your device is rooted, whether it has any non-Google-approved programs installed, whether Google Play notifications work, etc. And if you fail any of these checks, good luck using your credit card!

Open-source operating systems are basically dead in the water at this point, since failing to run these proprietary programs is not going to be a minor "I can't play this game"-level nuisance, but rather a life-critical issue. And so far, more and more banks keep enforcing these measures.

And for some reason there is no big outcry about this.

Even Korea's "all banks require ActiveX" situation was very mild compared to where we're going...


Moving away from SMS is good. SMS is cleartext, equipment to fake a number and get their messages is maybe hundreds of dollars at this point.

Encrypted push notifications are much better.

PSD2 lets you do basically whatever you want. Fingerprint is enough, or confirm in phone app if making a transfer from a desktop banking UI.

U2F would be nice but with banks being banks that's not going to happen this decade.



