Throttle brute-force attacks against your application's login functionality
This could maybe be achieved by integrating with django-axes. But it is important to not only throttle overall login attempts, but also second-factor attempts within a login attempt.
From the pyotp README:
This could maybe be achieved by integrating with django-axes. But it is important to not only throttle overall login attempts, but also second-factor attempts within a login attempt.