The Google Authenticator project includes implementations of one-time passcode
generators for several mobile platforms, as well as a pluggable authentication
module (PAM). One-time passcodes are generated using open standards developed
by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).
These implementations support the HMAC-Based One-time Password (HOTP) algorithm
specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm
specified in RFC 6238.
The PAM module can add a two-factor authentication step to any PAM-enabled
application. It supports:
* Per-user secret and status file stored in user's home directory
* Support for 30-second TOTP codes
* Support for emergency scratch codes
* Protection against replay attacks
* Key provisioning via display of QR code
* Manual key entry of RFC 3548 base32 key strings