Why can’t the app use face ID instead of two-step verification? Every single bank app that controls thousands of dollars worth of my money uses one time verification and then face ID from then on. It is frustrating to have to enter a code every single time I want to look at my app.

The 2FA is only needed if you log out of the app. You should not have to do that every time you open the app . . . unless you log out of the app. Also, in the app you can see which devices are logged in, and you can force log them out. I think what Ring has is a pretty good system. 2FA new connections, and lets you monitor them. But quick access for already logged in devices.