These days banking is one of the things for which a phone is required for. It is used as the primary banking device for most people, and for the rest it is required for two factor authentication when logging in on a PC or to verify online transactions.
Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".
In my country, banks force us to install "security modules" in order to do this. Once upon a time, back when I used Windows, I got bored and tried to pry one of these things open to see why they made the computer so unusably slow. I caught it intercepting every single network connection and doing god knows what with them. That told me all I needed to know.
It used to be that Linux users like me were exempt but at some point they added Linux support. Now there's a goddamn AUR package for this thing.
I use GnuCash/aqbanking on Linux with a physical TAN generator myself to access my German bank account. The fact that this works is not up for debate.
My point was that you can't do it *without hardware attestation*.
You can choose between 1. a smartphone with hardware attestation, or 2. a physical TAN generator with hardware attestation.
Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".