This application lets you generate One Time Passwords that are used for a more secure authentication (two-factor) - instead of having to enter a static password the iPhone plays the role as a "security token" that generates passwords that are valid only one time.
The authentication mechanism is based on two factors:
- the token device (i.e. mOTP-Application) and
- a PIN
Since the generated passwords are only valid for a very short time - it is of no use for a possible attacker.
Moreover the passwords can only be generated with a hold of the PIN as well as the token device.
- the server you want to log onto also needs to implement the OTP-algorithm, you need to configure your "shared secret/PIN" there
- the secret key is generated using random by shaking your iPhone :)
- the algorithm uses MD5-hashing
- compare this solution with "Mobile-OTP" Midlet solution on http://motp.sourceforge.net/- also free server components to be used e.g. as PAM can be found there.
- the clocks of your iPhone and your Server have to be in sync
- the algorithm can also be used for implementing a challenge-response authentication i.e. the PIN is not fixed but a random number is provided to you by the server at the login prompt.
+ Adaptations for iOS10
Ratings and Reviews
Really well done, works exactly like it should. Got the PHP interface working with it!
Needs RFC 4226 Support
Nicely done. It would be even better if it had an RFC 4226 compatible mode.
With Family Sharing set up, up to six family members can use this app.