TOTP generates 6-8 digit codes that change every 30 seconds based on shared secret + current time. Used in authenticator apps (Google Authenticator, Authy, Microsoft Authenticator).
TOTP is much more secure than SMS codes — not vulnerable to SIM swapping. HOTP is counter-based instead of time-based. FIDO2/WebAuthn (hardware keys) is more secure than TOTP. Both are far better than SMS.