My bank sent me a little fob that generates a one time code. Of course, they will also use SMS, the app on your phone, or email for 2FA. They are all considered equally valid and there is no intermediate step should you wish to use one over the other at any time.

So really the fob is theater.