My bank uses 6 digit ‘customer number’ (which is set by the bank) and that’s verified with an app and a personal PIN (app shows ‘login attempt ABCD at mm.dd. hh:mm’ where ABCD is shown on login page too) or via SMS OTP (again with ‘ABCD’ verification). And again with personal pin + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone pin and every new installation needs to be registered to the system, so I can’t just use my phone app to access my wifes account (or anyone elses) but I still can map multiple accounts (like corporate ones) to the same installation.
My bank uses 6 digit ‘customer number’ (which is set by the bank) and that’s verified with an app and a personal PIN (app shows ‘login attempt ABCD at mm.dd. hh:mm’ where ABCD is shown on login page too) or via SMS OTP (again with ‘ABCD’ verification). And again with personal pin + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone pin and every new installation needs to be registered to the system, so I can’t just use my phone app to access my wifes account (or anyone elses) but I still can map multiple accounts (like corporate ones) to the same installation.
I think that’s pretty reasonable approach.