Distributing one-time passwords

Quote:

---

Originally Posted by mannyer

Just wondering why not support Umikeys first? Since it is robust and much more affordable to all.

I've been using Umikey on Mashedlife and it works like a dream. The auto-navigation and OTP generation work on both my German keyboard and English keyboard, and on Linux, Mac and PC. And the price is reasonable that I bought a bunch with ~ $5 each.

Thanks for inputs

---

At the moment I have implemented support for Yubikey (http://yubico.com/products/yubikey/). It does not offer all the same functions as Umikey, but all you need to pay for is the hardware itself. Yubico provides a validation API that is free to use, and open source libraries to interact with the API. I used 10 minutes to fully integrate Yubikey support in my application.

The users also have an option to recieve a one time password in a GPG signed email. This email also contains information that will help protecting against man in the middle attacks (if the user is educated).