The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).

These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm currently in draft.

Implementations
This project currently offers mobile application implementations of HOTP/TOTP for Android and Blackberry, as well as a PAM module. An implementation for iPhone will be made available soon.

Google Authenticator for Android
The Android mobile app supports:

Multiple accounts
Support for 30-second TOTP codes
Support for counter-based HOTP codes
Key provisioning via scanning a QR code
Manual key entry of RFC 3548 base32 key strings
Google Authenticator for Blackberry
The BlackBerry mobile app supports:

Multiple accounts
Support for 30-second TOTP codes
Support for counter-based HOTP codes
Manual key entry of RFC 3548 base32 key strings
PAM Module
The PAM modules can add a two-factor authentication step to any PAM-enabled application. It supports:

Per-user secret and status file stored in user's home directory
Support for 30-second TOTP codes
Support for emergency scratch codes
Protection against replay attacks
Key provisioning via display of QR code
Manual key entry of RFC 3548 base32 key strings