is a PHP class and a powerful command line utility developed by SysCo systèmes de communication sa in order to provide a completely free and easy operating system independent server side implementation for strong two factors authentication solution.
Nowadays, spywares, viruses and other hacking technologies are regularly stolen passwords typed by the user.
By using a strong two factors authentication solution, the stolen passwords cannot be stored and used later anymore because each password (called OTP for One-Time Password) is only valid for one authentication and will failed if used a second time. multiOTP
supports hardware and software tokens with different One-Time Password algorithms like OATH/HOTP, OATH/TOTP and mOTP (Mobile-OTP). The data storage of the command line utility is flat files based in order to simplify deployment in a few minutes. multiOTP
can be easily integrated in free RADIUS servers like FreeRADIUS under Linux or TekRADIUS LT under Windows. multiOTP can even be installed on laptops
, for example if you need strong authentication on your laptops and you are not sure that you will have Internet access during the strong authentication process. This is possible because we have sponsored the development of TekRADIUS LT which is a light RADIUS server for Windows (using SQLite as backend database) that works well with server versions of Windows but also with desktop versions of Windows like XP, Vista or 7. multiOTP is fully compatible with Google Authenticator
which supports TOTP and HOTP. Please be careful about the implementation of this authenticator by following these points:
- the manual key entered in Google Authenticator is in a abse32 format (A-Z, 2-7, =)
- the manual key must have a multiple of 8 characters (but at least 16 characters), = characters can only by at the end for padding purposes
- the manual key must be converted from base32 to hexadecimal value (please see this online converter tool
) in order to type this last value when creating a user in multiOTP
- Enter the key (16, 24 or 32 allowed characters): 234567ABCDEF2345
- Convert it using the converter website: D6F9DF7C0110C85D6F9D
- Create the account in multiOTP
: multiotp -debug -create test TOTP D6F9DF7C0110C85D6F9D 1111 6 30
- Enjoy the power of multiOTP
: multiotp -status -debug test xxxxxx (xxxxxx is the current code displayed by the Google Authenticator)
A base32 decoder will be integrated in the next version of multiOTP
Don’t hesitate to contact us by sending an email to developer[AT]sysco[DOT]ch if you have suggestions, or comments.