Nitrokey / nitrokey-pro-firmware

Firmware for the Nitrokey Pro device
GNU General Public License v3.0

Feature request: SHA256 handling for OTP #64

Open szszszsz opened 5 years ago

szszszsz commented 5 years ago

Although not seen in the open market, some proprietary systems are using SHA256 for the OTP. It would be nice to support it. Expected complexity of introducing this feature is low.

We do not support OTP based on HMAC-SHA256 in our products (only the original HMAC-SHA1, as proposed in the RFC [1]). It is allowed in the RFC standard, but not really encouraged, and I have not seen any in the wild, hence we have not considered it.

[1] https://tools.ietf.org/html/rfc4226#appendix-B.1
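What hash-selectable HOTP looks like, as an added example that is not part of the original issue and is not Nitrokey firmware code: the only parts that depend on the hash are the HMAC call and the truncation offset, which must be read from the last digest byte rather than a fixed index 19. The names `hotp` and `verify` and the look-ahead window are assumptions made for this sketch; the secrets are the published RFC 4226 / RFC 6238 test keys.

```python
import hashlib
import hmac
import struct

SUPPORTED = ("sha1", "sha256")  # assumption: the two hashes discussed in the issue


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP with a selectable HMAC hash."""
    if algo not in SUPPORTED:
        raise ValueError("unsupported hash: " + algo)
    # The moving factor is an 8-byte big-endian counter.
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    # Dynamic truncation: the offset is the low nibble of the LAST digest byte.
    # RFC 4226 writes this as byte 19 because SHA-1 yields 20 bytes; with
    # SHA-256 the last byte is index 31, so a hard-coded 19 gives wrong codes.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(key, submitted, counter, window=3, digits=6, algo="sha1"):
    """Check a code against counter..counter+window.

    Returns the next counter value to store on success, or None on failure.
    """
    for c in range(counter, counter + window + 1):
        expected = hotp(key, c, digits, algo).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            return c + 1
    return None


if __name__ == "__main__":
    sha1_key = b"12345678901234567890"                # RFC 4226 test secret
    sha256_key = b"12345678901234567890123456789012"  # RFC 6238 SHA-256 test secret
    print(hotp(sha1_key, 0))                                 # RFC 4226, counter 0
    print(hotp(sha256_key, 1, digits=8, algo="sha256"))      # RFC 6238, T = 59 // 30
    print(verify(sha1_key, "359152", counter=0))             # code for counter 2
```
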