How to enable totp 2fa for login to laptop?

Hi I was wondering if there was any way to add totp 2fa as a requirement for logging into my laptop. I dont really want to use my yubikey since I cant back it up and I cant really afford to spend $50 on a backup atm. Are there any solutions?

Like with an android phone?
google-authenticator should work I think.
Its in the repos as libpam-google-authenticator

From there the steps should be pretty similar to this guide I found quickly:
How to add two-factor authentication to Linux with Google Authenticator | TechRadar
Except instead of the /etc/pam.d/common-auth file (which we do not have) you should use /etc/pam.d/lightdm (assuming you use lightdm) or you may wish to enable it for other services and/or make use of a more generalized file like /etc/pam.d/login to cover more than just the display manager.
Then again … I never did this … so dont go breaking things on my advice :wink:

thanks Ill investigate this and get back to you

Another interesting alternative is pam_usb – in this case you use your USB stick as hardware key:

https://wiki.archlinux.org/title/Pam_usb

eh I decided it would be too much of a hassle so nvm. thanks for the suggestion

You can use tpm2-totp to show you a code during boot which would not be a requirement to log in, but just a sign of unchanged binaries used for booting process.