ZegnatRe: simple TOTP & password IndieAuth self-contained thingamabob, how about encrypting the TOTP secret with the user’s password? That way password isn’t stored on the server at all and TOTP secret is not stored in the clear. Any obvious drawbacks to that?
