@neauoire imho it just needs to be any kind TOTP implementation
I used yubioath, gopass and unixpass (with pass-otp extension) in the past. All of them are fine.
Yubioath is secured by hardware (yubikey) and unixpass/gopass can use GPG as a backend to secure the secrets.
And you can use yubikey/nitrokey directly in the browser, but this depends on a recent chrome or firefox browser, I guess.