Any chance of supporting Google Authenticator so people don't need "yet another device" (or MyPW, or YubiKey, or Verisign VIP or Mobile-OTP)?
If it is OATH, it should work.
Tested with the iPhone OATH generator, and that is fine.
Google authenticator is OAUTH. Probably the others are too these days.
RevK: RFCs go in, C code comes out. The guy's a machine :)
talldavek, come on - that took me house yesterday afternoon to code that. Though mainly because I found a bug in another part of the system that I had to track down before I could get the data to save correctly.I wonder if we should make authentication server boxes, e.g. with embedded OATH stuff and RADIUS authentication server...
Thanks for the post - it prompted me to play with MOTP on my router and...well it Just Worked (TM)!
What's your iPhone OATH app of choice, out of curiosity?
I don't have an iPhone, and in fact have a proper key-ring gadget as per picture. So no real preference. I tried "OATH Token" and it worked.
Just in case anyone else is looking (took me a while to google it) the cheap OTP tokens are here: http://www.gooze.eu/otp-c200-token-time-based-h3-casing-1-unit
Comments are moderated purely to filter out obvious spam, but it means they may not show immediately. Also, Blogger seems to be a bit broken so I am having to manually check and hence comments may some times take days to show.