So this is basically solve the same problems as http://en.wikipedia.org/wiki/SecurID, but using a paper sheet instead of a hardware/software generated key?
They are similar, but each has its advantages and disadvantages. According to the OTPW site:
"Admittedly, the security obtained by OTPW is not comparable with that of a challenge-response system in which the user has a PIN protected special calculator that generates the response. On the other hand, a piece of paper is much more portable, much more robust, and much cheaper than a special calculator. OTPW was designed for the large user base, for which an extra battery-powered device is inconvenient or not cost effective and who therefore still use normal Unix passwords everywhere."
5 comments
[ 5.4 ms ] story [ 23.7 ms ] threadEdit: I found a few implementations.
http://wordpress.org/extend/plugins/one-time-password/
http://alexking.org/blog/2008/06/27/phonefactor-10
http://henrik.schack.dk/yubikey-plugin/
http://blog.fastmail.fm/2008/07/21/one-time-and-sms-password...
http://squirrelmail.org/plugin_view.php?id=276
Yubikey looks interesting and they also have a web service API.
http://www.yubico.com/products/yubikey/ http://www.yubico.com/developers/api/
MyPW is another web service: https://www.mypw.com/
OpenOTP supports both hardware tokens (also supports Yubikeys) and all kinds of phones.
http://www.rcdevs.com/products/openotp/
http://security.dj/?p=4
"Admittedly, the security obtained by OTPW is not comparable with that of a challenge-response system in which the user has a PIN protected special calculator that generates the response. On the other hand, a piece of paper is much more portable, much more robust, and much cheaper than a special calculator. OTPW was designed for the large user base, for which an extra battery-powered device is inconvenient or not cost effective and who therefore still use normal Unix passwords everywhere."