Yes and to be honest it's not necessarily unjustified BUT it should ONLY be done when the parts, hardware, software, or both, are not linked to a single proprietary actor.

Need security before doing a $1000 transaction because everything so far was $10? Sure, ask for a physical token 2FA, NOT a YubiKey implementation.

Obviously though if I was working at Google or Apple and paid for the success of my company via incentives, e.g. stock, I would fight tooth and nail to let banks know that only MY solution is secure.