Hi all,
I’m currently building a blockchain-based Two-Factor Authentication (2FA) system for a project. The system uses TOTP (Time-based One-Time Passwords) and smart contracts to handle OTP verification on-chain.
I’m integrating XMTP to send OTP codes directly to users’ wallets as a secure, decentralized alternative to email or SMS. The flow is:
- User triggers 2FA (e.g., login or sensitive action).
- System generates a TOTP-based OTP.
- OTP is sent via XMTP to the user’s wallet address.
- User retrieves and enters the OTP.
- Smart contract verifies the OTP.
I’d appreciate feedback on:
- Is XMTP reliable for time-sensitive OTP delivery?
- Any best practices for using XMTP in auth flows?
- Potential security or UX concerns?
Thanks in advance!