Hacker News

Google Authenticator (I'm not sure about the app, but I know that the PAM module does) supports HOTP, which is the same HMAC-SHA1-based construction but relies on a counter instead of the current time. The counter is incremented on successful password entry (with the PAM module) and on request for the code via button on the mobile authenticator or token.



Which is annoying because now you cannot have an authenticator on multiple devices. With TOTP as long as you know the secret and time you can spin up Google Authenticator on anything and it will work, with HOTP you have the counter synchronization problem. This also makes backups a much MUCH bigger challenge.

That being said, HOTP is theoretically more secure than TOTP because even if the secret is exposed (e.g. old backup) they'd still need to crack the counter. It also does avoid clock problems.

I almost think the ideal solution would be to set up TOTP primarily and HOTP as a backup. Two different accounts, and you take the HOTP secret (likely QR code), print it, hide it, and destroy the digital copy.
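The shared HMAC-SHA1 construction described in the first comment, and the counter-synchronization problem raised in the second, as an added example that is not code from any commenter or from Google Authenticator. It implements RFC 4226 HOTP and RFC 6238 TOTP on top of the same function, plus a server-side HOTP check with a look-ahead window (the window size and the return convention are the example's own choices); the secret is the RFC test-vector key, not a real one.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP is HOTP with the counter replaced by floor(time / step)."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, stored_counter: int, code: str, look_ahead: int = 10):
    """Server-side HOTP check with a resynchronisation window (hypothetical helper).

    A client that generated codes without using them (button presses, a second
    device) runs ahead of the server, so the server tries a few counters forward.
    Returns the counter to store next on success, or None if no counter in the
    window matches. Counters behind the stored one are never accepted, which is
    what stops a captured code from being replayed.
    """
    for step in range(look_ahead + 1):
        candidate = stored_counter + step
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate + 1
    return None


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 / RFC 6238 test key, constructed input
    print("HOTP counter 0:", hotp(key, 0))          # 755224
    print("TOTP at t=59 :", totp(key, 59, digits=8))  # 94287082
    print("resync from 0:", verify_hotp(key, 0, hotp(key, 2)))  # 3
```

Note that the look-ahead window is the only tolerance a HOTP server has; a client that has drifted further ahead than `look_ahead` is locked out until it is re-enrolled, which is the synchronization cost the second comment describes.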


App also supports HOTP.





