Instead of TOTP (or yubikey's proprietary stuff), it'd be nice to support webauthn. https://webauthn.guide/
