What are third-party TOTP authenticator apps?
All of the Salesforce products, including Heroku, that have MFA functionality support the use of third-party authenticator apps as verification methods for MFA logins. You can use any authenticator app that generates temporary codes based on the OATH time-based one-time password (TOTP) algorithm (RFC 6238). There are many free and paid authenticator apps to choose from. Widely-used options include Google Authenticator, Microsoft Authenticator, and Authy.
To log in using this type of verification method, the user gets a code from a TOTP authenticator app, then enters that code during the Salesforce login process. See Third-Party Authenticator Apps for setup instructions.
Note: Setting up a PIN or biometric requirement on their mobile device is highly recommended. This extra requirement ensures that unauthorized parties aren’t able to access your authenticator app.