This application generates one-time passwords (OTPs) for more secure two-factor authentication: instead of entering a static password, you use the iPhone as a "security token" that generates passwords that are valid only once.
The authentication mechanism is based on two factors:
- the token device (i.e. mOTP-Application) and
- a PIN
Because the generated passwords are valid only for a very short time, they are of no use to a possible attacker.
Moreover, the passwords can only be generated with both the PIN and the token device in hand.
Note:
- the server you want to log on to also needs to implement the OTP algorithm, and you need to configure your "shared secret/PIN" there
- the secret key is generated randomly by shaking your iPhone :)
- the algorithm uses MD5-hashing
- compare this solution with the "Mobile-OTP" MIDlet solution at http://motp.sourceforge.net/ - free server components, usable e.g. as PAM, can also be found there.
- the clocks of your iPhone and your server have to be in sync
- the algorithm can also be used to implement challenge-response authentication, i.e. the PIN is not fixed; instead, the server provides a random number at the login prompt.
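
What the server side has to do with the shared secret, the PIN and the synchronized clock can be sketched as follows. This is an added example, not the app's or the Mobile-OTP project's own code. It assumes the app follows the published Mobile-OTP scheme (first six hex digits of MD5 over the 10-second epoch counter, the secret and the PIN). The tolerance window, the class and function names and the sample values are assumptions.

```python
import hashlib
import hmac
import time

STEP_SECONDS = 10   # Mobile-OTP time granularity
WINDOW_STEPS = 18   # assumed tolerance: +/- 3 minutes of clock skew


def motp(secret_hex, pin, epoch):
    """First six hex digits of MD5(counter + secret + PIN)."""
    counter = str(int(epoch) // STEP_SECONDS)
    digest = hashlib.md5((counter + secret_hex + pin).encode("ascii"))
    return digest.hexdigest()[:6]


class MotpVerifier:
    """Server-side check with a skew window and replay rejection."""

    def __init__(self, secret_hex, pin):
        self.secret_hex = secret_hex
        self.pin = pin
        self.last_counter = -1  # highest time step already accepted

    def verify(self, candidate, now=None):
        now = time.time() if now is None else now
        current = int(now) // STEP_SECONDS
        for counter in range(current - WINDOW_STEPS, current + WINDOW_STEPS + 1):
            if counter <= self.last_counter:
                continue  # this step or an older one was already used
            expected = motp(self.secret_hex, self.pin, counter * STEP_SECONDS)
            # Constant-time comparison of the six-character codes
            if hmac.compare_digest(expected.encode(), candidate.lower().encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed sample values, not real credentials
    verifier = MotpVerifier("0123456789abcdef", "1234")
    code = motp("0123456789abcdef", "1234", time.time())
    print(code, verifier.verify(code), verifier.verify(code))
```

Because the server recomputes the hash itself, it has to keep both the secret and the PIN in a recoverable form, so that store needs the same protection as a password database.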