You're correct: You could TOTP from a java phone app, a tablet, an airgapped computer, a non-airgapped PC you were really confident of the security of, and so on.
That's why I said "bad for" rather than "impossible for" :)
After all, you'd still be excluding all the people who don't have any of those. Like my 90-year-old neighbour who only has a landline phone.
I've helped maybe 50 employees set up VPN access at my workplace, and at least 2 of them said they didn't have any way to TOTP independently of the laptop we were issuing them with.
That's why I said "bad for" rather than "impossible for" :)
After all, you'd still be excluding all the people who don't have any of those. Like my 90-year-old neighbour who only has a landline phone.
I've helped maybe 50 employees set up VPN access at my workplace, and at least 2 of them said they didn't have any way to TOTP independently of the laptop we were issuing them with.