For applications where it really mattered, harware authenticators have long been established. Big companies use smart cards, and my bank has always offered the choice between the 2FA-du-jour (switching from pre-distributed TAN lists to SMS 2FA to various iterations of 2FA apps, currently push tan) or just getting a $20 reader for my existing bank card (which has a chip since forever in europe).
The list you are describing could as well be seen as every service trying to implement the simplest and least disruptive technology, only to find out two years later that it was insufficient and switching to the next best thing, only for the cycle to repeat each time.
Which of course from the users perspective doesn't make a difference, but it gives a different perspective on how to solve it for the future.
The list you are describing could as well be seen as every service trying to implement the simplest and least disruptive technology, only to find out two years later that it was insufficient and switching to the next best thing, only for the cycle to repeat each time.
Which of course from the users perspective doesn't make a difference, but it gives a different perspective on how to solve it for the future.