Interesting. So it's just a bunch of obfuscation and 3rd party api crap around a core of TOTP shared secrets between the app and symantec? Why don't they implement it that way, and make it transparent, so that their app can add multiple VIP credentials, rather than obfuscating everything, locking it down to a single shared credential for all sites?