@neauoire imho it just needs to be any kind TOTP implementation

I used yubioath, gopass and unixpass (with pass-otp extension) in the past. All of them are fine.

Yubioath is secured by hardware (yubikey) and unixpass/gopass can use GPG as a backend to secure the secrets.

And you can use yubikey/nitrokey directly in the browser, but this depends on a recent chrome or firefox browser, I guess.