Package otp implements both HOTP and TOTP based
one time passcodes in a Google Authenticator compatible manner.
When adding a TOTP for a user, you must store the "secret" value
persistently. It is recommend to store the secret in an encrypted field in your
datastore. Due to how TOTP works, it is not possible to store a hash
for the secret value like you would a password.
To enroll a user, you must first generate an OTP for them. Google
Authenticator supports using a QR code as an enrollment method:
Validating a TOTP passcode is very easy, just prompt the user for a passcode
and retrieve the associated user's previously stored secret.