I have always declined. It’s just too creepy. Maybe they record me anyway and create the voiceprint from that.
However that is more for authentication on a phone call. I am not aware of any web sites using voiceprint authentication.
For logging in to the ATO via the MyGov web site it’s just the vanilla stuff discussed above (no 2FA at all, for now, or SMS).
For now.
Flogged off to ANZ in July (subject to regulatory approval).
Being ‘flogged off’ is subject to regulatory approval.
If acquisition of Suncorp Bank is approved, ANZ could in the future roll customers into ANZ Bank. This is unlikely as it discounts the value of the Suncorp purchase. More likely, Suncorp will continue to trade as Suncorp and be a banking entity/division under ANZ Banking Group. A similar examples would be Commonwealth and Bankwest or Westpac and St George.
Indeed. In the case of Westpac and St George I believe it was even a condition of approval. But the devil is in the details. While Suncorp would continue to trade under its own identity, that doesn’t mean that behind the scenes the two organisations wouldn’t be becoming increasingly unified, with the potential for minor changes to terms and conditions, minor changes that would be visible to the customer.
In particular, there is very little to be gained by having different rules for 2FA or for security generally.
For example, if you had an RSA token for one bank, you would be a bit unimpressed if the token didn’t eventually work for either bank, assuming that you independently already had accounts with both banks before the merger (and even more so after the merger).
Borrowing from the example of Westpac and St George, it has been some years since you started to be able to use your card in either bank’s ATM, whether your card was originally from one bank or the other, without incurring a fee.
Suncorp encouraged the use of RSA tokens until recently. It suggested we not replace ours when they expired and move to authentication using our mobile devices. Preferably also by downloading and installing their mobile device App.
ANZ from memory did not offer regular customers an RSA device option. The prophecy may come to pass, assuming the merger gets approved. If it does I expect many will go elsewhere. BOQ perhaps for us as it’s the only bank with a branch that does not need a rest room break factored in. 
P.S.
WestPac cashed out in 2018, although the internet search engines that Google places to the top of any request for the local branch will direct one to where it once was.
Yes, quite. Most banks, indeed many other companies too, are pushing their spyware.
From a security point of view, this makes no sense. 2FA via RSA token is far more secure than 2FA via mobile app. Any functionality offered by the app that is unrelated to 2FA has the effect of
a) undermining 2FA (since you are led to using only a single factor, the app)
b) weakening banking security generally (since it increases the attack surface of the app).
I’m unsure of the definition of “regular”. 
ANZ definitely does offer some customers an RSA device (at no cost to the customer). It is implied by the ANZ web site that this includes both business customers and personal customers.
Where RSA devices are going to get painful is if you have accounts with 5 different banks and have to carry around 5 different tokens on your key ring.
Perhaps there is scope for the federal government to use its banking powers to mandate common, open standards for 2FA in banking and for RSA (or someone else) then to develop a slightly more sophisticated device that is capable of authenticating for multiple entities (not just banks even) but without the vastly larger attack surface of a smartphone as a device.
A characteristic behaviour associated with using ANZ banking services, some might suggest.
Experience of ANZ for many years even as a small business customer to having an RSA type device was ‘not available’ except …. !
The availability did change eventually. It has not in my space been promoted to everyday personal customers. Possibly one needed to be an active personal investor with substantial value to ANZ to receive an appropriate response. The most recent discussion was less than 2 years old. Yes, they have an RSA option, but …… The short version - I was directed to a different solution. As I suggested, it’s a recollection.
I think it changed fairly recently when 2FA became more or less mandatory, and only available to those who didn’t subsequently have a mobile phone number on file (other than those who were already otherwise eligible).
Westpac listened and responded a bit late but some pundits are commenting on password requirements in the new topic
This topic is now redundant because the ‘problem’ is solved (arguable) so it is closed.
