Authenticator apps are the way forward. Much prefer them over texts, one-time activation URLs etc.
I have an M&S Credit card with M&S Bank and they have recently revised the login process so that you have to either use their phone app or one of those gadgets like a mini calculator to generate a one-time pass code.
When I looked in the Google Play Store for the app there were dozens and dozens of one-star reviews for it with people saying it either wouldn't start or it kept sending them round in circles and they were unable to log into their accounts, even after lengthy conversations with the help desk. The consensus was that the app is rubbish. In light of that I applied for one of the physical pass code gadgets. It took 8 days to arrive, during which time I was locked out of their online banking system.
After activating the device I was finally able to log into my account. It was a good job that I have the account set up to automatically pay off the balance each month, otherwise I would have been late paying and would then have incurred some interest, which has happened to a lot of people that were trying to use the phone app.
I agree that improving online security is a good thing, however M&S Bank's implementation is terrible and obviously had not been tested properly before being introduced.
The only reason I have the credit card is to get the rewards vouchers, but I'm not sure if it's going to be worth the extra hassle.