
In reality, the vast majority of services ignore that principle and MFA is a never-ending daily nightmare. It feels like I can't even take a leak without the phone now.


There's absolutely no reason why you'd need a phone for most services. TOTP generators exist for every device and every platform. Some password managers even automatically copy a TOTP code after autofilling a password field.

Of course, you'd lose most security benefits of TOTP, but if all you want is to ignore security concerns and log in without a phone, there are tons of ways to accomplish this. Just set up authy or krypt.co and be on your way.

IMO the MFA codes aren't even the problem. The fact that you need to reauthenticate multiple times per week is the real issue. Session tokens valid for longer than four hours seem to be considered a sin in most big tech companies for some obscure reason.


Realistically speaking, the vast majority of the security benefit of TOTP in the wild is "the user doesn't get to choose a weak password", followed by "the persistent secret isn't getting sent over the wire"; being an additional "factor" is faaaar in the distance.


I think the advantage is that users suck at picking passwords, refuse to learn how to use a password manager, so TOTP is there to make sure that even if people set Welcome2023 as their password, some credential stuffer can't log in to their remote desktop because they need an extra six digits to log in.

You'll get the best security if you don't have the TOTP secret on a device that also contains your passwords, just in case you get hacked, but even with TOTP on-device it provides a little bonus security.



