In my experience many organisations use SMS to authenticate access to systems, all they do is send a code you have to type in 9n your screen and it has a limited time validity. I think the authentication I had to do today had around 4 options including SMS, back app, phone call, can,t reader what else. Used the bank app which involved some longish numbers to type in to app and then back into the payment transaction, took a minute or two to do !!!