NEW 220.127.116.11 VERSION OF 2015-07-15
is a PHP class and a powerful command line utility OATH certified developed by SysCo systèmes de communication sa in order to provide a completely free and easy operating system independent server side implementation for strong two factors authentication solution.
Nowadays, spywares, viruses and other hacking technologies (including bugs exploitation like Heartbleed
) are regularly stolen passwords typed by the user.
By using a strong two factors authentication solution, the stolen passwords cannot be stored and used later anymore because each password (called OTP for One-Time Password) is only valid for one authentication and will failed if used a second time.Enhanced users synchronization (since version 18.104.22.168)
With Active Directory or LDAP synchronization, disabled accounts, expiration date and locked accounts are synchronized as disabled.Users synchronization with any standard LDAP server (since version 4.3.1)
Beside Active Directory synchronization, it's now possible to synchronize a standard LDAP server like for example the Directorx Server of a Synology NAS.Optimised Raspberry Pi edition (since version 4.3.1)
A special web proxy has been developed in order to dramatically improve the response time with a Raspberry Pi implementation. A binary image (top be flashed directly on a SD card) is available here: http://download.multiotp.net/raspberry/YubiKey in proprietary mode Yubico OTP (since version 4.3)
It's now possible to use YubiKey in proprietary mode Yubico OTP. Tokens are provisioned by importing the log file in traditional format. Thanks to Yubico
who provides the tokens for the workshop organized for the launch of the 4.3 version during the Application Security Forum
in Yverdon-les-Bains (Switzerland).Active Directory password support (since version 4.3)
It's now possible to use the Active Directory password instead of a PIN code. With version 4.3.1 and above, it's also possible with any standard LDAP server.Tokens CSV import (since version 22.214.171.124)
It's now possible to put your old hardware tokens definition in a CSV file and to import it directly into multiOTP
.NT_KEY generation (since version 126.96.36.199)
NT_KEY is now generated by multiOTP
and displayed for further handling by FreeRADIUS.Lot of new QA tests (since version 4.2.4)
More than 60 different tests (for the library and the command line) are integrated with multiOTP
.Better MySQL(i) support (since version 4.2.4)
MySQL support has been improved in multiOTP
and the mysqli library support is also supported.Active Directory integration (since version 4.2.2)
can create strong authentication accounts automatically for users that are present in a specific group of the Active Directory of the company.Enhanced integrated web interface (since version 4.2.2)
provides now a web interface in order to import hardware tokens, create accounts, synchronize tokens or unlock accounts.MS-CHAP and MS-CHAPv2 support (since version 4.2)
supports now MS-CHAP and MS-CHAPv2 encrypted authentication requests.
Tokens resynchronisation without prefix code (since version 4.2)
doesn't need anymore the prefix code in order to resynchronise hardware tokens.
OATH certified (since version 4.1)
is now OATH certified for HOTP/TOTP and is compatible with any token that is also certified. PSKC encrytped files are supported.Rasperry Pi nano-computer supported (since version 4.1)
provides all necessary files in order to create your own strong authentication device using a Raspberry Pi.Self-registration and automaic resynchronisation (since version 4.1)
offers the user the possibility to self-register his hardware token. It is also possible to resynchronize a token during the authentication.Fully integrated client/server functionalities (since version 4.0)
can even be installed on laptops, for example if you need strong authentication on your laptops and you are not sure that you will have Internet access during the strong authentication process. This is possible and is now working with a native client/server support and the ability to have also automatic caching of tokens information of any users that have logged at lieast once on the laptop.SMS tokens and emergency scratch passwords (since version 4.0)
supports hardware and software tokens with different One-Time Password algorithms like OATH/HOTP, OATH/TOTP, mOTP (Mobile-OTP), SMS tokens or also emergency scratch passwords with 10 codes.MySQL support for the backend storage (since version 4.0)
The data storage of the command line utility is flat files based in order to simplify deployment in a few minutes, but MySQL is now also fully supported. multiOTP
can be easily integrated in free RADIUS servers like FreeRADIUS under Linux and Windows or TekRADIUS LT under Windows.
QRcode generation for ultra-simple provisioning (since version 4.0)multiOTP
is fully compatible with Google Authenticator which supports TOTP and HOTP, and this by simply using QRcode provisioning.
And a lot of new features to discover...
- Create the account in multiOTP
without a PIN prefix request: multiotp -fastcreatenopin user_test
- Create the corresponding QRcode: multiotp -qrcode user_test
- Flashing the QRcode in the smartphone
- Enjoy the power of multiOTP
: multiotp -status -debug user_test xxxxxx
(xxxxxx is the current code displayed by the Google Authenticator)
Don’t hesitate to contact us by sending an email to info
if you have suggestions, or comments.
If you want to use multiOTP
to log on your desktop, server or laptop with a strong authentication, have a look at MultiOneTimePassword Credential Provider
, a great free product that works starting with Windows Vista.