First time I used a 2FA device was an RSA "Safeword Card" which looked like a small handheld calculator and would display a multi-digit code that changed every minute or so. This was in 1998 and it had been put into use before that.
I think Sun Micro had deployed those to all their engs, perh others too. I think it had a PIN which when entered displayed the code which was valid for a min.
I meant SecurID were fairly well established by the early 2000s for VPN access, from what I remember, so I assume they came around at least a few years earlier, which would be the late 90s, they also weren't the only option on the market.