There are many Authentication modules available out-of-the-box from ForgeRock OpenAM. One of them is HOTP - HMAC-based One Time Password.
Fairly easy to configure and integrate with the default LDAP module. So, the user will be first prompted with a user name and password fields to key in. Once successful, he/she will be redirect to the HOTP page to key in the OTP.
The previous implementation of HOTP in OpenAM was a little cumbersome such that user has to manually click on "Send OTP" button in order to fire the sending of the OTP to the user's email and/or SMS.
This feature has been enhanced in the latest release of OpenAM 10.1. (I'm not too sure of 10.0.1, but I'm pretty sure 9.5.x doesn't have this feature). The latest enhancement is to "Auto Send OTP Code".
Simple enhancement, yet it makes the user experience so much better!