mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. The developer’s has listed only one compatible device (the Authenex’s A-Key 3600) on their website. If a device is fully compliant with the standard, and it allows you to recover the token ID, it should work. However, without testing, it’s hard to tell whether a device is fully compliant.
Have you ever tried other devices (software or hardware) with mod_authn_otp (or other open source server-side OTP program)? If yes, please share your experience 🙂
Any device that claims to be “OATH Compliant” should — and probably does — work.
The hard part is not compliance, it’s getting the vendor to give you the secret key associated with the token. The don’t like to do this because they make their money off the servers, not the tokens.
Note this new iPhone app also works if cell phones are an option for you.