Deciding on how to store the credentials is still a hard task. Even storing the secret. Ideally it shouldn't stay as a plain text in your database. If you use cloud, something like KMS can be used for additional security. Also you should still consider replay attacks, rate limits etc.
I agree in the sense that TOTP is hard to implement, no it is not. I hope this article helped people understand how TOTP works.
Deciding on how to store the credentials is still a hard task. Even storing the secret. Ideally it shouldn't stay as a plain text in your database. If you use cloud, something like KMS can be used for additional security. Also you should still consider replay attacks, rate limits etc.
I agree in the sense that TOTP is hard to implement, no it is not. I hope this article helped people understand how TOTP works.