by jamesvnz 1721 days ago
It looks like with this service the user who can generate a TOTP can't see the backing seed. Therefore, if they leave, and get removed from Slack, they can't generate a code. If you just shared the seed, then every time someone left the team you'd need to regenerate.
2 comments

"need to" is a bit much. One should absolutely regenerate keys, but to every attacker's delight (and every CISO's chagrin), that doesn't make it actually happen. For things that need to be secure, (forced) expiration of keys is an important part of the system as a whole.
Is it possible to reconstruct the seed (or some equivalent that would allow you to generate future codes)? If yes, how many codes would you need to do so?
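The offboarding difference described in the first comment, as an added example that is not part of the thread and not the service's own code. `TotpBroker` and `offboarding_demo` are hypothetical names, and the seed is the constructed RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

# Constructed sample seed: the RFC 6238 test key "12345678901234567890" in base32.
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(seed_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and time."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpBroker:
    """Hypothetical stand-in for the service: keeps the seed, releases only codes."""
    def __init__(self, seed_b32):
        self._seed = seed_b32
        self._members = set()
    def add(self, user):
        self._members.add(user)
    def remove(self, user):
        self._members.discard(user)
    def code_for(self, user, unix_time):
        if user not in self._members:
            raise PermissionError(f"{user} is not a current member")
        return totp(self._seed, unix_time)

def offboarding_demo(t_before=59, t_after=1111111109):
    """Return (shared_seed_still_valid, brokered_still_valid) after alice leaves."""
    # Shared-seed model: alice kept a copy, so she still computes the current code.
    alice_copy = SEED
    shared_still_valid = totp(alice_copy, t_after) == totp(SEED, t_after)
    # Brokered model: alice only ever received individual codes.
    broker = TotpBroker(SEED)
    broker.add("alice")
    old_code = broker.code_for("alice", t_before)
    broker.remove("alice")
    try:
        broker.code_for("alice", t_after)
        brokered_still_valid = True
    except PermissionError:
        # Her last code belongs to an earlier time step and no longer matches.
        brokered_still_valid = old_code == totp(SEED, t_after)
    return shared_still_valid, brokered_still_valid

if __name__ == "__main__":
    print(offboarding_demo())
```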