But they won't. HN is quite good at suggesting a lot of genuinely intelligent and valid potential technical solutions, but most banks won't even think about supporting TOTP broadly. They'll lean into smartphones and apps because this is where the vast majority of their customers are. In this case the 'tyranny' is the overwhelming preference of other people. The masses have spoken, and they want everything to be on their phones.
Also because ticking boxes. You just provide an app that fulfills all the silly security requirements for banking apps and then if something goes wrong, the customer has the burden of proving it's the bank's fault.
I've had my banking app installed on an old Samsung phone running LineageOS. I only powered it on when I had to do online banking. At some point I needed to update the app and they started checking for rooted devices, so it wouldn't work anymore. Now I've installed it on a much newer Android device that I also use for a lot of other crap and sketchy stuff I don't want on my main phone. Also it's powered on all the time. Whether that's really more secure than what I did before is questionable.
Maybe not for you, but rooted phones are a legitimate risk for users that do sideload pirated games and malware etc. I still think the risks are arbitrary, but I can understand why banks want to avoid rooted phones.
Then they should also avoid rooted Windows machines where malware is a legitimate risk and orders of magnitude more prevalent than on mobile. Doing one but not the other is arbitrary and just pushes people towards having a locked-down device that they don't fully control with them all the time (can't uninstall tracking software from the vendor, for example). A locked-down computer that just sits in your office all day would be less worrisome.