According to https://2fa.directory/us/#banking there are 3 banks in the US that support hardware 2FA (without limitations like requiring a Symantec token or only being available to "high risk" clients): BofA, Morgan Stanley, and Mercury.
Of these three, Mercury isn't really a bank, it's a non-bank financial institution (and as the bankruptcy of Synapse shows, putting your money into these services can be risky), Morgan Stanley has zero locations within a 1 hour drive (important for when I need cashiers checks or need to deposit checks that mobile apps can't handle), and BofA's interest rates are laughable.
There's no FDIC-insured bank which has decent savings accounts, physical branches near me, and supports proper hardware 2FA. The best I can get is savings, location, and (the bank's app-based) software 2FA.
There truly is no incentive for the banks to improve, and I don't think anything will unless congress forces their hands (which seems unlikely, given that the average person has never suffered an SMS 2FA-based attack on their finances and thus has no reason to write to congress about it).
Of these three, Mercury isn't really a bank, it's a non-bank financial institution (and as the bankruptcy of Synapse shows, putting your money into these services can be risky), Morgan Stanley has zero locations within a 1 hour drive (important for when I need cashiers checks or need to deposit checks that mobile apps can't handle), and BofA's interest rates are laughable.
There's no FDIC-insured bank which has decent savings accounts, physical branches near me, and supports proper hardware 2FA. The best I can get is savings, location, and (the bank's app-based) software 2FA.
There truly is no incentive for the banks to improve, and I don't think anything will unless congress forces their hands (which seems unlikely, given that the average person has never suffered an SMS 2FA-based attack on their finances and thus has no reason to write to congress about it).