The revised Payment Services Directive (PSD2) in EU describes standards of strong authentication and for the end user it means that mostly the bank's mobile app is being used as 2FA for logins and operations within the account

I'm not sure if physical tokens are being used anywhere but if they are, that's rather rare nowadays. It may be an option reserved in bigger banks or for business customers - I can see one of banks in my country offers it for a request and not by default.

Edit: it seems it's a feature for business indeed and banks opted for Cronto system - https://www.onespan.com/products/transaction-signing/cronto