I recently implemented TOTP authentication[1] for a webapp of mine. Then I decided to extract it into its own web service offering,

http://www.totp.me

because I thought it was one of those things that was easy for people to implement insecurely if they weren't careful.

This is the V1. I'm trying to get a sense of whether implementing TOTP auth is a pain point for anyone and to develop this project further.

The service doesn't give you very much control. You redirect your website's users to it for authentication or master secret provisioning, and it redirects them back to you when done, with a pass/fail response. I wanted security mistakes during integration to be difficult to make.

[1] http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm