We recommend that you have the Email Code and the 2 Factor Authentication Application (2FA APP) enabled for the most secure configuration. It also advised to disable the CODE VIA SMS option once the 2FA APP option has been enabled and is working.
This configuration helps guard against things like SIM-swapping attacks (not common, but they do exist) and social engineering via text message.
You can access these setttings within online banking by visiting Setting > Security within online banking or the mobile app.
The settings will look like this when using the recommended configured in online banking:
Once this setup is complete, you will now see a screen like this when you log in: