I currently use a token for one of my banks and to be honest it is the account I feel safest logging into.
The code on the tag changes every 30 sec or so and is required as a third step or second password if you like.
My other banks app uses my fingerprint to login. However, whenever anything happens to my phone, like resetting it or replacing it. I end up having to change my password because my fingerprint has gone and I’m so used to not putting in a password it’s forgotten.
I don’t mind fingerprint at all. The token however has never caused me the same problem.
Incase nobody knows what I’m talking about google RSA SecurID. It can’t cost Suncorp too much to run, as it costs me a one off fee of $20 every 5 yrs.
Just a thought