Projects / Multi-OTP


Nowadays, a simple password is not enough anymore! Multi-OTP is an OATH-certified PHP class, a Web interface, and a powerful command line tool that can be used to authenticate and manage OTP user tokens for strong two-factor authentication. It can create, update, and delete tokens to authenticate users with one time passwords (OTP). The users' data are stored in files. The class can also check the user token using several algorithms: Mobile OTP (MOTP), OATH/HOTP (RFC 4226), and OATH/TOTP HOTP Time Based (RFC 4226 extension). It works with compatible software tokens (iPhone, Android, PalmOS, Nokia, and other Java J2ME capable phones) and hardware tokens (such as Feitian, ZyXEL, Authenex, or Seamoon). The multiotp command line utility is also provided, both in "compiled" form (for Windows) and in source code (for Linux or educational purpose). The multiotp command line can be combined with FreeRADIUS (under Linux) or the free TekRADIUS LT (under Windows) in order to have a powerful radius strong authentication server.

Operating Systems

Recent releases

  •  15 Apr 2014 07:55

    Release Notes: XML parsing consolidation (same library for the whole project) and a fix for a bug concerning token CSV import.

    •  06 Apr 2014 21:53

      Release Notes: This release has a new -user-info option, the ability to import tokens defined in a CSV file, to display the NT_KEY for further handling by FreeRADIUS (like ntlm_auth), more than 60 QA tests, and better MySQL support with mysqli library support.

      •  03 Mar 2014 22:11

        Release Notes: This release has better AD/LDAP integration (with group filtering) in order to automatically create accounts for your users. The Web GUI is complete for simple usage, including hardware token import. Some values can now go back to TekRADIUS. If activated, a prefix PIN is now also requested for SMS authentication. MS-CHAP and MS-CHAPv2 are now supported. Token resync doesn't need a prefix PIN anymore (but it is still accepted). Specific parameter order in QRCode for Microsoft Authenticator support.

        •  24 Dec 2013 16:45

          Release Notes: The Open Source edition of multiOTP is now OATH certified for HOTP and TOTP, which includes encrypted PSKC import support. All instructions and files to build your own strong authentication server device on a Raspberry Pi nano-computer are included in this release. Self-registration of unattributed hardware tokens is now supported. Automatic resync/unlock during authentication is now supported. The default Linux file mode is now set by default to 0666 to avoid access problems. A basic Web GUI is provided.

          •  22 Sep 2013 22:22

            Release Notes: This release fixes a bug in GetUserScratchPasswordsArray.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.