Issue
Can I use desktop or browser-based TOTP authenticators?
Resolution
As a best practice, use mobile authenticator apps or physical security keys because these types of verification methods exist separately from a user’s laptop or workstation. This way, if a bad actor manages to gain access to a user’s computer, the user’s second factor isn’t also compromised.
That said, if a TOTP desktop authenticator app or browser extension is the only option that works for you, you can satisfy the MFA requirement with these types of methods.