[security-dev] TOTPCredentails should not be associated with Password

Right now, AFAICT, you cannot update the TOTP secret key without also knowing the password. I"d like to not have TOTP classes inherit from the corresponding Password classes. I can implement and provide a pull request if you agree. Another thing to think about down the road is that you may want to allow multiple tokens. Tokens generated by different devices owned by the user. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com