I have my system configured so there’s one offline service qube containing all the secret stuff I wouldn’t want to leak. This means: passwords, GPG keys and… OTPs.
Yes, you can have an OTP generator without a mobile device. That’s where
[user@sys-secrets ~]$ pass otp github 764327
I can write a complete guide, how to configure it, either here or in Community Docs. Give me some feedback if you want such a guide.