If you try out Znote AAC, register a new account and enable the two-factor authentication system after you login to see how it works. It generates a rfc6238 compliant secret (it cannot be a completely random string), generates a QR code which you need to scan with authy.
The token generated by etc Authy is a temporarily code based on the secret (through QR code) and current timestamp. It only lasts 30-300 seconds. I see no reason to store this in the db at all.
The server could be crashing because the secret string is not compliant to the standard.
PHP:
function generateRandomString($length = 16) {
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // These are the only allowed chars, it is case sensitive.
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}