I've created a success page that:

1. Shows a prominent success message with a green checkmark icon
2. Displays 6 recovery codes in an easy-to-read grid layout
3. Includes a warning message about saving the recovery codes

4. Provides two ways to save the codes:

   • Copy to clipboard button (with feedback when copied)
   • Download as a text file
5. Has a clear call-to-action to return to settings
6. Maintains the same design language as the setup page
7. Is fully responsive and accessible

Key features:

• Recovery codes are displayed in a monospace font for better readability
• The copy function provides visual feedback when codes are copied
• The download function saves codes as a plain text file
• Warning message is styled to draw attention
• Mobile-friendly button layout that stacks on small screens
• Clear instructions and guidance for users

In a real implementation, you would:

1. Generate these recovery codes on the server during 2FA setup
2. Store them securely (hashed) in your database
3. Only show them once to the user during this success page
4. Implement proper navigation based on your app's routing

The page emphasizes the importance of saving the recovery codes before leaving, which is crucial for a good 2FA implementation.

I've created a TOTP authentication page with the following features:

1. Clean, focused design with clear instructions

2. Large, centered input field for the 6-digit code with:

   • Monospace font for better readability
   • Letter spacing for clear digit separation
   • Numeric keyboard on mobile devices
   • Auto-focus for immediate input
3. Real-time countdown timer showing when the current TOTP code will expire
4. Loading state during verification
5. Error handling with clear error messages
6. Option to use recovery codes instead
7. Fully responsive and accessible

Key interactions:

• The input only accepts numbers
• The verify button is disabled until 6 digits are entered
• Error messages are cleared when the user starts typing again
• The countdown timer resets every 30 seconds (standard TOTP interval)
• Loading state prevents multiple submissions

In a real implementation, you would:

1. Integrate with your authentication backend
2. Add proper error handling for different failure cases
3. Implement proper routing for the recovery code option
4. Add rate limiting to prevent brute force attempts
5. Consider adding a resend/refresh option for edge cases

The design maintains consistency with the setup and success pages while focusing on the immediate task of entering the authentication code.